- Newest
- Most votes
- Most comments
Did you publish a new version of the function after updating the code? You'll also need to update the CloudFront distribution to point to your new version. Just keep in mind that you can't create triggers for the $LATEST version.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-edit-function.html
The HTTP 502 error you're encountering with the LambdaValidationError suggests that there's an issue with the response your Lambda@Edge function is generating. CloudFront is validating the response and finding it to be invalid. Here are a few things to consider:
-
Response Structure: Ensure that your response object strictly adheres to the structure expected by CloudFront. The response should include status, statusDescription, headers, and body (even if empty).
-
Header Format: Make sure all headers are in the correct format. Each header should be an array of objects, where each object has 'key' and 'value' properties.
-
Status Code: Verify that the status code is a string, not a number.
-
Read-only Headers: Be cautious about modifying read-only headers. Some headers like 'Transfer-Encoding' and 'Connection' cannot be modified.
-
Body Size: If you're including a body, ensure it doesn't exceed the maximum size limit.
To get more information about the error:
-
CloudWatch Logs: Enable CloudWatch Logs for your Lambda@Edge function. This can provide more detailed error messages and stack traces.
-
Testing: Use the Lambda console to test your function with various inputs. This can help identify issues before deploying to CloudFront.
-
Gradual Rollout: Consider using traffic control features in CloudFront to gradually roll out your changes, allowing you to monitor for errors without affecting all users.
To validate the response before returning it:
-
Schema Validation: Implement a JSON schema validation in your Lambda function to ensure the response matches the expected structure before returning it.
-
Use AWS Lambda Powertools: Consider using the Validation module from AWS Lambda Powertools for Python. It provides decorators and functions to validate both incoming and outgoing data against JSON schemas.
By implementing these suggestions and carefully reviewing your Lambda@Edge function's response structure, you should be able to resolve the validation error and successfully implement your 301 redirects.
Sources
Test and debug Lambda@Edge functions - Amazon CloudFront
HTTP 502 status code (Bad Gateway) - Amazon CloudFront
Validation - Powertools for AWS Lambda (Python)
I've found for a CloudFront Origin Response the only code that is working is to modify the response that was sent in. I get a validation error if any other headers in the response are modified or if I use a clean, minimal response.
(The error in the example I posted in the original question seems to be that the Content-Type header was cleared. Modifying any other headers can trigger a validation error.)
Working Code - Lambda@Edge with Origin Response Trigger:
'use strict';
export const handler = (event, context, callback) => {
console.log('>>>',JSON.stringify(event));
let request = event.Records[0].cf.request;
let response = event.Records[0].cf.response;
let headers = response.headers;
if (request.uri == '/one.html') {
// Body Description
response.body = 'Minimal 301 Redirect, Modify Response';
// Set new headers
headers['location'] = [{key: 'Location', value: 'https://www.thriftyfun.com/two.html'}];
// Set status and description
response.status = '301';
response.statusDescription = 'Moved Permanently';
}
console.log('<<<',JSON.stringify(response));
// Return modified response
callback(null, response);
};
Validation Error - - Lambda@Edge with Origin Response Trigger:
'use strict';
export const handler = (event, context, callback) => {
console.log('>>>',JSON.stringify(event));
let request = event.Records[0].cf.request;
let response = event.Records[0].cf.response;
if (request.uri == '/one.html') {
// Return clean minimal response
response = {
body: 'Minimal 301 Redirect, Clean Response',
headers: {
location: [{
key: 'Location',
value: 'https://www.thriftyfun.com/two.html'
}]
},
status: '301',
statusDescription: 'Moved Permanently'
};
}
console.log('<<<',JSON.stringify(response));
// Return modified response
callback(null, response);
};
My reading of the documentation, like this page, suggests that the latter code should work. And what's tricky is that it does work in other cases. I'm using minimal responses in CloudFront Functions. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-generating-http-responses.html#lambda-generating-http-responses-in-requests
I’m using an Origin Request Lambda@Edge function to rewrite the incoming request URI based on a computed value. If that value ever contains an invalid character (for example, a space), CloudFront throws a LambdaValidationError as well. To troubleshoot, first enable CloudFront access logs (or real-time logs) for the distribution. That will let you see exactly what URI is being sent to Lambda and where it’s being rejected.
Relevant content
- asked a year ago
- asked 2 years ago
- asked 3 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated 4 months ago
This hasn't been the problem but is definitely something I've struggled with as I've gotten my testing going.
Upload new code, test against sample event, deploy to CloudFront, wait a couple minutes for propagation to edge, run live test, check in logs to ensure new version of Lambda code is running.