It sounds like there may be a few issues at play here. Let's break it down:
- Lambda@Edge function not triggering: If your Lambda@Edge function is not being triggered on Origin Request as expected, there are a few things to check:
  - Ensure that the Lambda@Edge function is correctly associated with the Origin Request event in your CloudFront distribution. Double-check your CloudFront configuration to verify this.
  - Make sure the requested object is not already in the CloudFront cache. The Origin Request event only triggers when CloudFront forwards a request to your origin. If the object is cached, the function won't execute.
- API Gateway authorization: The 401 Unauthorized error suggests that the request is reaching the API Gateway, but it's failing at the authorization step. Since your Lambda authorizer isn't being triggered, it seems the API Gateway is rejecting the request before it gets to that point.
  - Check your API Gateway configuration to ensure that the expected custom header is correctly set up as part of the authorization process.
  - Verify that the API Gateway resource policy allows requests from CloudFront. You may need to update the policy to explicitly allow CloudFront to access your API.
- CloudFront to API Gateway setup: Ensure that your CloudFront distribution is correctly configured to forward requests to the API Gateway:
  - Check that the origin in CloudFront is correctly set to your API Gateway endpoint.
  - If your API Gateway uses a stage (e.g., /prod), make sure this is reflected in your CloudFront origin path settings.
- Permissions: While you've added the correct service principals to your Lambda@Edge IAM role, also ensure that:
  - The role has the necessary permissions to execute the function and interact with other AWS services as needed.
  - CloudFront has the required permissions to invoke the Lambda@Edge function.
- Debugging: To further diagnose the issue:
  - Check CloudFront logs to see if there are any errors related to invoking the Lambda@Edge function.
  - Temporarily simplify your Lambda@Edge function to just log the incoming request without modifying it. This can help verify if the function is being invoked at all.
  - Create a CloudFront invalidation to ensure you're not seeing cached responses.
If after checking these points the issue persists, you may need to review your entire request flow from CloudFront through Lambda@Edge to API Gateway, ensuring each component is correctly configured and has the necessary permissions to interact with the others.
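The debugging step described above (a Lambda@Edge function reduced to logging the incoming request), with the custom header added back as a separate step, shown as an added example that is not part of the original answer. The header name, header value and sample event are constructed assumptions; credential-bearing headers are masked before logging.

```javascript
// Added example: minimal Lambda@Edge origin-request handler for debugging.
// HEADER_NAME / HEADER_VALUE are assumptions; use the header your authorizer expects.
const HEADER_NAME = 'X-Origin-Verify';            // hypothetical header name
const HEADER_VALUE = 'placeholder-shared-value';  // constructed placeholder
const SENSITIVE = new Set(['authorization', 'cookie', HEADER_NAME.toLowerCase()]);

// Flatten CloudFront's header map for logging, masking credential-bearing headers.
function summarize(request) {
  const headers = {};
  for (const [name, entries] of Object.entries(request.headers || {})) {
    headers[name] = SENSITIVE.has(name)
      ? '[redacted]'
      : entries.map((e) => e.value).join(', ');
  }
  return { method: request.method, uri: request.uri, headers };
}

// CloudFront keys headers by lowercase name; each value is an array of {key, value}.
function addOriginHeader(request) {
  request.headers[HEADER_NAME.toLowerCase()] = [{ key: HEADER_NAME, value: HEADER_VALUE }];
  return request;
}

const handler = async (event) => {
  const { request, config } = event.Records[0].cf;
  // If this line never shows up in the logs, the function is not being invoked.
  console.log(JSON.stringify({ eventType: config.eventType, ...summarize(request) }));
  return addOriginHeader(request);
};

// Constructed sample origin-request event (all values are made up).
const SAMPLE_EVENT = {
  Records: [{ cf: {
    config: { distributionId: 'EXAMPLE', eventType: 'origin-request' },
    request: {
      method: 'GET', uri: '/items', querystring: '',
      headers: {
        host: [{ key: 'Host', value: 'abc123.execute-api.us-east-1.amazonaws.com' }],
        authorization: [{ key: 'Authorization', value: 'Bearer constructed-token' }],
      },
    },
  } }],
};

if (typeof module !== 'undefined') module.exports = { handler };
```

Lambda@Edge writes its logs to CloudWatch Logs in the Region closest to the edge location that ran the function, so look for the log group in Regions other than us-east-1 as well.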
