Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Lambda@Edge Compatibility with VPC Origins in CloudFront

0

I am working on a CloudFront distribution configuration using Terraform, where I would like to use Lambda@Edge functions (origin request hooks) with VPC origins configured through the vpc_origin_config block. Currently, this setup is not supported, as attempting to configure both results in the following error:

"Your request contains a VPC origin with an origin request hook."

I understand that CloudFront doesn't currently allow Lambda@Edge functions to be used with VPC origins due to existing limitations. However, I was wondering if there are plans to support this functionality in the future. Could you please confirm if this feature is on the AWS roadmap?

Topics
Networking & Content Delivery
Tags
Amazon VPCAmazon CloudFrontLambda@EdgeTerraform
Language
English
asked 10 months ago1.2K views
1 Answer
0

You are correct that Lambda@Edge functions are currently not compatible with VPC origins in CloudFront distributions. This limitation exists because Lambda@Edge functions are designed to run at edge locations, while VPC origins are private network configurations.

At present, there is no official announcement or information indicating that support for using Lambda@Edge functions with VPC origins is on the AWS roadmap. AWS continually evolves its services based on customer feedback and technological advancements, but we cannot speculate on future feature releases.

As an alternative solution, you might consider the following approaches:

  1. Use separate origins: You could set up multiple origins in your CloudFront distribution - one for your VPC-based resources and another for content that needs to be processed by Lambda@Edge functions. This way, you can still leverage both features within the same distribution, albeit for different types of content.

  2. API Gateway: If your use case allows, you could place an API Gateway in front of your VPC resources. This would allow you to use Lambda@Edge functions with the API Gateway endpoint as the origin, while still accessing your VPC resources through the API Gateway.

  3. Application Load Balancer: Similar to the API Gateway approach, you could use an Application Load Balancer (ALB) as your CloudFront origin. The ALB can then route requests to your VPC resources, while still allowing you to use Lambda@Edge functions with the ALB endpoint.

  4. CloudFront Functions: Depending on your specific requirements, you might be able to use CloudFront Functions instead of Lambda@Edge. CloudFront Functions are lightweight and have fewer restrictions, although they also have more limited capabilities compared to Lambda@Edge.

Remember to carefully evaluate these alternatives based on your specific use case, performance requirements, and security considerations. If none of these options meet your needs, you may need to redesign your architecture to work within the current limitations of CloudFront and Lambda@Edge.
Sources
Ways to use Lambda@Edge - Amazon CloudFront
Customize at the edge with Lambda@Edge - Amazon CloudFront
Get started with Lambda@Edge functions - Amazon CloudFront

answered 10 months ago
EXPERT
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content