Why cloudfront authorize GET method even we enable AWS_IAM for lambda URL

0

Hello,

I want to ask why cloudfront authorize GET method even we enable AWS_IAM for lambda URL? as I see by default I can use that method without any configuration.

profile picture
Bach
asked 22 days ago49 views
1 Answer
1
Accepted Answer

Hello,

CloudFront authorizes GET requests by default for performance reasons., It's designed to handle HTTP requests efficiently, and GET is one of the most common methods used to retrieve data.

AWS_IAM is for security. It verifies if a request is authorized before sending it to your Lambda function.

Both work together: CloudFront handles the request, and AWS_IAM checks if it's allowed.

WHY:

Because CloudFront's cache behavior is typically configured to allow public access to GET requests. To enforce AWS_IAM authorization, you need to ensure that the CloudFront behavior is set up to require signed URLs or restrict access via an origin request policy that includes proper authorization headers. Without these additional configurations, CloudFront will continue to authorize GET requests as it does by default.

profile picture
EXPERT
answered 22 days ago
profile picture
EXPERT
Sandeep
reviewed 22 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions