- Le plus récent
- Le plus de votes
- La plupart des commentaires
Using Lambda@Edge is preferred because it allows you to utilize libraries that may not be available on CloudFront Functions.
Here is a good article describing this in detail: https://medium.com/trackit/cloudfront-functions-vs-lambda-edge-which-one-should-you-choose-c88527647695
In terms of JWT validation, in my opinion you might want to consider CloudFront Functions as it provides the lowest possible latency with available free tier pricing.
Here's a quick comparison table in the document: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions.html#edge-functions-choosing
Meanwhile, here's example CloudFront Functions that validates a JWT in the query string of a request which might be of help: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-validate-token.html
Another thing to consider is security. The CloudFront Function can't access KMS or Secrets Manager so you have to store the secret key in the source code. LambdaEdge will allow you to make use of purpose built secure storage to reduce the risk of key exposure. If you ever need to rotate the key, add a new key, etc. This is all a configuration change versus new code.
Contenus pertinents
- demandé il y a 2 mois
- demandé il y a 7 mois
- Réponse acceptéedemandé il y a 7 mois
- Comment résoudre les erreurs 500, 502 et 503 causées par les fonctions Lambda@Edge dans CloudFront ?
AWS OFFICIELA mis à jour il y a 2 ans - AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans