What triggers AWS Lambda@Edge with CloudFront conduction in TypeScript

Question

Pulumi · Accepted Answer

AWS Lambda@Edge allows you to run Lambda functions in response to CloudFront events, without having to manage servers. Lambda@Edge can be triggered by different types of CloudFront events such as viewer request, viewer response, origin request, and origin response. This allows you to execute code at Edge locations which can be used for various purposes like website personalization, SEO redirects, security headers addition, etc.

For triggering a Lambda@Edge function with CloudFront, you need to create a Lambda function with the necessary permissions and then associate it with a CloudFront distribution by specifying the event that will trigger the function.

To demonstrate how you can set up Lambda@Edge with CloudFront, I'll walk you through the process of creating a Lambda function and a CloudFront distribution, as well as how to associate the two using Pulumi in TypeScript.

Firstly, let's create a Lambda function to be executed at the Edge:

```typescript
import * as aws from "@pulumi/aws";

// Define the Lambda@Edge function
const lambdaAtEdgeFunction = new aws.lambda.Function("myLambdaAtEdgeFunction", {
    code: new pulumi.asset.AssetArchive({
        // Your function's code (e.g. index.js) should be in the 'lambda' folder or a similar structure
        ".": new pulumi.asset.FileArchive("./lambda"),
    }),
    // Choose 'nodejs12.x' or another runtime if needed, provided it is supported by Lambda@Edge
    runtime: aws.lambda.NodeJS12dXRuntime,
    handler: "index.handler", // Your handler function
    role: lambdaExecutionRole.arn, // IAM role with permissions for Lambda@Edge
    // The below argument is required for a Lambda function to be executed in response to CloudFront events.
    // Lambda@Edge requires us-east-1 region.
});

// Assume that lambdaExecutionRole has been defined elsewhere with the necessary AssumeRolePolicy
```

Now let's define the CloudFront distribution:

```typescript
const distribution = new aws.cloudfront.Distribution("myDistribution", {
    enabled: true,
    origins: [
        {
            originId: "myS3Origin",
            domainName: aws_s3_bucket.myBucket.bucketDomainName, // Assuming myBucket is an S3 bucket defined elsewhere
        },
    ],
    defaultCacheBehavior: {
        targetOriginId: "myS3Origin",
        viewerProtocolPolicy: "redirect-to-https",
        lambdaFunctionAssociations: [{
            eventType: "viewer-request",
            lambdaArn: lambdaAtEdgeFunction.qualifiedArn,
        }],
    },
    // Other necessary configurations go here (e.g., ViewerCertificate, DefaultRootObject, Restrictions, etc.)
});
```

In this example, `lambdaFunctionAssociations` is where you link the Lambda function with a specific CloudFront event. `eventType: "viewer-request"` triggers the Lambda function before CloudFront forwards the request to the origin, which in this case is an S3 bucket.

Don't forget to replace the placeholders like `./lambda` with your actual Lambda function's code path and ensure `aws_s3_bucket.myBucket` is replaced with a reference to your own S3 bucket if you are following this approach to create your bucket.

In conclusion, with the code above:
- A Lambda@Edge function is created which will be triggered by CloudFront events.
- A CloudFront distribution is set up, associating the Lambda function with the viewer-request event.

When you're ready to deploy this infrastructure, you can use the Pulumi CLI:

```bash
pulumi up
```

This command will initiate the deployment based on your TypeScript code, provisioning the resources in your AWS account. It's this simple to pair AWS Lambda@Edge with CloudFront using Pulumi!