Lambda@Edge function Fails to Execute using Viewer Request Trigger from Cloudfront

Question

My function does not seem to ever execute on accessing my website through the cloudfront servers. Testing the function works as expected, and creates logs in cloudwatch as expected, but I have not been able to trigger the function from Cloudfront.

I followed the instructions from this blog https://levelup.gitconnected.com/nonce-based-csp-with-aws-cloudfront-ae5a6752b9b0

I'm wondering if I'm missing a permission issue or something, but I can't figure it out.

Any help is appreciated

Here are the trust relationships and permissions, respectively
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "edgelambda.amazonaws.com",
                    "lambda.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```

```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": "logs:CreateLogGroup",
			"Resource": "arn:aws:logs:xxxxx:*"
		},
		{
			"Effect": "Allow",
			"Action": [
				"logs:CreateLogStream",
				"logs:PutLogEvents"
			],
			"Resource": [
				"arn:aws:logs:xxxxx:*"
			]
		},
		{
			"Action": "s3:GetObject",
			"Effect": "Allow",
			"Resource": "*"
		}
	]
}
```

Thanks,

Liam

Answer

Hi.

Your permissions looks correct. Could you share what your lambda association in cloudfront looks like? On which event have you associated you Lambda function?
Have you checked logs for the function in all regions? When Lambda@edge runs logs will be in the region closest to the Cloudfront POP you are hitting.

Answer

I have similar issue, I have no idea why it is not triggering and there are no logs to find out.

Lambda@Edge function Fails to Execute using Viewer Request Trigger from Cloudfront

相关内容