- 最新
- 投票最多
- 评论最多
Using Lambda@Edge is preferred because it allows you to utilize libraries that may not be available on CloudFront Functions.
Here is a good article describing this in detail: https://medium.com/trackit/cloudfront-functions-vs-lambda-edge-which-one-should-you-choose-c88527647695
In terms of JWT validation, in my opinion you might want to consider CloudFront Functions as it provides the lowest possible latency with available free tier pricing.
Here's a quick comparison table in the document: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions.html#edge-functions-choosing
Meanwhile, here's example CloudFront Functions that validates a JWT in the query string of a request which might be of help: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-validate-token.html
Another thing to consider is security. The CloudFront Function can't access KMS or Secrets Manager so you have to store the secret key in the source code. LambdaEdge will allow you to make use of purpose built secure storage to reduce the risk of key exposure. If you ever need to rotate the key, add a new key, etc. This is all a configuration change versus new code.
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 10 个月前
