CloudFront does not seem to invoke lambda@edge function

0

I have a CloudFront distribution. The origin is an S3 object that uses OAI.

I have created a lambda@edge function following directions from https://aws.amazon.com/blogs/compute/implementing-default-directory-indexes-in-amazon-s3-backed-amazon-cloudfront-origins-using-lambdaedge/

Basically, I want the lambda@edge function to redirect URLs ending in / to /index.html, acting like Apache DirectoryIndex.

The CloudFront distribution works for URLs without the redirect requirement. But CloudFront does not seem to invoke my lambda@edge function.

I have ensured there is a correct association between the CloudFront distribution and the lambda@edge function version.

I made several test requests:

    curl -I https://www.sudheer.net/blog/
    HTTP/2 403
    content-type: application/xml
    date: Sat, 19 Feb 2022 14:35:38 GMT
    server: AmazonS3
    x-cache: Error from cloudfront
    via: 1.1 5d840d432727e3561fd1a3de915212ca.cloudfront.net (CloudFront)
    x-amz-cf-pop: EWR53-C2
    x-amz-cf-id: leub-Kgu4Bh9xH4Rn5o7bxs62B1NBO4ViEu6hv-_xtGG7DSQlBFEXw=

I get 403. I did not find any lambda@edge logs in any region.

What could be the issue? How do I go about finding it?

asked 2 years ago, 1194 views
2 Answers
0

A 403 error is a permissions issue. Check if the IAM role attached to your Lambda@Edge function can be assumed by the service principals lambda.amazonaws.com and edgelambda.amazonaws.com. Here's the documentation for details: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html#lambda-edge-permissions-function-execution

joahna
answered 2 years ago
  • The Lambda@Edge function has the principals:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "edgelambda.amazonaws.com",
                        "lambda.amazonaws.com"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
    
0

Greetings,

I see that you are having issues with CloudFront not invoking your Lambda@Edge function. It is important to note the HTTP 403 error you are getting, which indicates a permissions error.

You stated that the CloudFront distribution works correctly when your Lambda@Edge is not called, which indicates that this 403 error is a result of misconfigured IAM permissions of the Lambda@Edge function.

It appears from your response that your Trust Policy for the Lambda@Edge function is correctly configured, which leaves the execution role you specified upon creation of the Lambda@Edge function.

You should select "Create a new role from AWS policy templates", and then select the "Basic Lambda@Edge permissions (for CloudFront trigger)" policy template to correctly configure the IAM permissions for the Lambda@Edge function.

Hope this helps!

For reference: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html

Ben
answered 8 months ago
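
The two settings examined in this thread, the role trust policy and the function association on the distribution, can be checked offline. The JavaScript below is an added example, not code from the question, the answers or AWS. It assumes input shaped like the JSON returned by `aws iam get-role` and `aws cloudfront get-distribution-config`; the function name `dir-index` and the account ID are constructed placeholders.

```javascript
// Added example: offline checks of a role trust policy and a CloudFront
// DistributionConfig for a Lambda@Edge function. Not code from the thread.
const REQUIRED = ['lambda.amazonaws.com', 'edgelambda.amazonaws.com'];
const asList = (v) => (v == null ? [] : [].concat(v));

// Required service principals that no Allow/sts:AssumeRole statement grants.
function missingPrincipals(trustPolicy) {
  const allowed = new Set();
  for (const st of asList(trustPolicy.Statement)) {
    if (st.Effect !== 'Allow' || !asList(st.Action).includes('sts:AssumeRole')) continue;
    for (const svc of asList((st.Principal || {}).Service)) allowed.add(svc);
  }
  return REQUIRED.filter((p) => !allowed.has(p));
}

// Problems with how `functionName` is attached to each cache behavior.
function associationProblems(distConfig, functionName) {
  const behaviors = [{ PathPattern: '(default)', ...distConfig.DefaultCacheBehavior },
    ...asList((distConfig.CacheBehaviors || {}).Items)];
  const problems = [];
  for (const b of behaviors) {
    const mine = asList((b.LambdaFunctionAssociations || {}).Items)
      .filter((a) => a.LambdaFunctionARN.split(':')[6] === functionName);
    if (mine.length === 0) problems.push(`${b.PathPattern}: function not associated`);
    for (const a of mine) {
      // Lambda@Edge requires a numbered version in us-east-1, not $LATEST or an alias.
      if (!/^arn:aws:lambda:us-east-1:\d{12}:function:[^:]+:\d+$/.test(a.LambdaFunctionARN))
        problems.push(`${b.PathPattern}: not a numbered us-east-1 version`);
      // A URI rewrite must run on a request event; response events fire too late.
      if (!['viewer-request', 'origin-request'].includes(a.EventType))
        problems.push(`${b.PathPattern}: ${a.EventType} runs after the origin has answered`);
    }
  }
  return problems;
}

// Constructed sample input; account ID and function name are placeholders.
const sampleTrust = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Principal: { Service: ['edgelambda.amazonaws.com', 'lambda.amazonaws.com'] },
  Action: 'sts:AssumeRole' }] };
const sampleDist = { DefaultCacheBehavior: { LambdaFunctionAssociations: { Quantity: 1,
  Items: [{ EventType: 'origin-response',
    LambdaFunctionARN: 'arn:aws:lambda:us-east-1:111122223333:function:dir-index:3' }] } } };
console.log(missingPrincipals(sampleTrust), associationProblems(sampleDist, 'dir-index'));
```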
