Aws-cdk: CloudFront: support for Lambda function associations

Created on 3 Jan 2019 · 7Comments · Source: aws/aws-cdk

Implicitly requested on StackOverflow:

https://stackoverflow.com/questions/53990910/aws-cdk-associate-lambda-function-with-cloudfront-web-distribution

Right now the only way to do this is with CloudFormation overrides.

@aws-cdaws-cloudfront feature-request

Source

rix0rrr

👍3

Most helpful comment

Here's an example: https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.ts

thekevinbrown on 3 Jul 2020

👍2

All 7 comments

Has there been any progress on this? I'm running into this issue as well...

It also looks like the solution to https://stackoverflow.com/questions/53990910/aws-cdk-associate-lambda-function-with-cloudfront-web-distribution is out of date, as findChild is not a method on a CloudFrontWebDistribution instance object.

btakita on 10 Nov 2019

It also looks like the solution to https://stackoverflow.com/questions/53990910/aws-cdk-associate-lambda-function-with-cloudfront-web-distribution is out of date, as I'm getting an error:

Lambda@Edge cannot retrieve the specified Lambda function. Update the IAM policy to add pe rmission: lambda:GetFunction for resource: arn:aws:lambda:us-east-1:rest-of-arn:2 and try again. (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidLambdaFunctionAssociation; Request ID: uuid)

Are there any workarounds one could do to achieve a CloudFormationWebDistribution fronting for a Lambda function?

btakita on 11 Nov 2019

It looks like maybe it's there now? Does this work as documented?

omnigrok on 12 Nov 2019

I tried adding but got the error:

const distribution = new cloudfront.CloudFrontWebDistribution(this,
    `SiteDistribution`, {
        aliasConfiguration: {
            acmCertRef: certificateArn,
            names: [siteDomain],
            sslMethod: cloudfront.SSLMethod.SNI,
            securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_1_2016,
        },
        originConfigs: [
            {
                customOriginSource: {
                    domainName:
                        api.url.replace('https://', '')
                            .split('/')[0]
                },
                // s3OriginSource: {
                //  s3BucketSource: siteBucket
                // },
                behaviors: [{
                    isDefaultBehavior: true,
                    lambdaFunctionAssociations: [{
                        eventType: 'origin-response',
                        lambdaFunction: web_version
                    } as cloudfront.LambdaFunctionAssociation]
                }],
            }
        ],
    })

502 ERROR
The request could not be satisfied.
The Lambda function returned an invalid entry in the headers object: Each header entry in the headers object must be an array. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. 
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

All I want is for Cloudfront to proxy for an existing ApiGateway to Lambda. I'm not sure why Lambda@Edge would be necessary...

btakita on 12 Nov 2019

This is supported now