Why cloudfront authorize GET method even we enable AWS_IAM for lambda URL
Hello,
I want to ask why cloudfront authorize GET method even we enable AWS_IAM for lambda URL? as I see by default I can use that method without any configuration.
- Language
- English
- Newest
- Most votes
- Most comments
Hello,
CloudFront authorizes GET requests by default for performance reasons., It's designed to handle HTTP requests efficiently, and GET is one of the most common methods used to retrieve data.
AWS_IAM is for security. It verifies if a request is authorized before sending it to your Lambda function.
Both work together: CloudFront handles the request, and AWS_IAM checks if it's allowed.
WHY:
Because CloudFront's cache behavior is typically configured to allow public access to GET requests. To enforce AWS_IAM authorization, you need to ensure that the CloudFront behavior is set up to require signed URLs or restrict access via an origin request policy that includes proper authorization headers. Without these additional configurations, CloudFront will continue to authorize GET requests as it does by default.
Relevant content
- AWS OFFICIALUpdated 4 months ago
Thank you sir, Can you pls give me the link where I can find that information!
AWS Documentation: CloudFront Distribution Configuration
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html
https://docs.aws.amazon.com/lambda/latest/dg/urls-configuration.html