By using AWS re:Post, you agree to the Terms of Use
/CloudFront does not seem to invoke lambda@edge function/

CloudFront does not seem to invoke lambda@edge function

0

I have a CloudFront distribution. The origin is an S3 object that uses OAI.

I have created a lambda@edge function following directions from https://aws.amazon.com/blogs/compute/implementing-default-directory-indexes-in-amazon-s3-backed-amazon-cloudfront-origins-using-lambdaedge/

Basically, I want the lambda@edge function to redirect URLs ending in / to /index.html. Acting like Apache DirectroyIndex.

The CloudFront distribution works for URLs without the redirect requirement. But CloudFront does not seem to invoke my lamba@edge function.

I have ensured, there is a correct association between the CloudFront distribution and the labda@edge function version.

I made several test requets:

 curl -I https://www.sudheer.net/blog/
HTTP/2 403 
content-type: application/xml
date: Sat, 19 Feb 2022 14:35:38 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 5d840d432727e3561fd1a3de915212ca.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
x-amz-cf-id: leub-Kgu4Bh9xH4Rn5o7bxs62B1NBO4ViEu6hv-_xtGG7DSQlBFEXw=

I get 403. I did not find any lambda@edge logs in any region.

What could be the issue? How do I go about finding it?

1 Answers
0

A 403 error is a permissions issue. Check if the the IAM role attached to your Lambda@Edge function can be assumed by the service principals lambda.amazonaws.com and edgelambda.amazonaws.com. Here's a documentation for details: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-permissions.html#lambda-edge-permissions-function-execution

answered 3 months ago
  • The Lambda@Edge function has the principals:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": [
                        "edgelambda.amazonaws.com",
                        "lambda.amazonaws.com"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions