Changing Host in Lambda@Edge for an Origin-Request is forbidden

Question

I have a very simple approach for a PoC:

```
export const handler = async (event, context, callback) => {
    const request = event.Records[0].cf.request;
    console.log(JSON.stringify(request))
    // change Origin --> forbidden
    request.headers.host[0].value = 'picsum.photos';
    
    // uri change only works
    request.uri = '/200/300';
    // query change works too
    request.querystring = 'test=querystring';
    
    callback(null, request);
};
```
I need to change the host to a dynamic target. Like A/B-Testing.

The documentation Lambda@Edge - Restrictions does not state, that the host is a read-only for Origin-Requests. But it always results in a `{"message":"Forbidden"}` as soon as I touch the host.

How can I solve this?

Changing only the URI and/or Query works fine and results in the correct origin request.

Accepted Answer

Based on your code sample, it looks like you're just trying to update the host header - your origin remains unchanged - is this correct?

Normally in this scenario, customers want to send traffic to a different origin, as well as updating the host header.

I suspect the problem might be down the way you are trying to update the header - there is an example [here](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-content-based-geo-header) which shows how you can update the origin as well as the host header. I'd recommend using the syntax from there.

Changing Host in Lambda@Edge for an Origin-Request is forbidden

Relevant content