Open anthonyLock opened 2 days ago
@anthonyLock Good afternoon. Thanks for reporting the issue. Looks like you are using the custom handler for your Lambda function. Please confirm the following:
The bucket you are attempting to access must be addressed using the specified endpoint...
is thrown? Is it your Lambda function?
`AWS_REGION` environment variable (refer Defined runtime environment variables). If not, you could try setting this environment variable using `environment` property of `NodejsFunctionProps` as specified at NodejsFunction.

Thanks, Ashish
@ashishdhingra
The error message is shown when I do a request to the cloud front URL after everything is deployed. It is in the response.
I am using the TypeScript `CloudFrontRequestHandler` type to define the Handler type. This comes from `import { CloudFrontRequestHandler } from "aws-lambda";` as suggested in here
The lambda is not making any SDK request but is checking a cookie that is a JWT from cognito, using `CognitoJwtVerifier` from `import { CognitoJwtVerifier } from "aws-jwt-verify";`
The lambda itself is running ok and returning the event as suggested in the blog post https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-using-cookies-protect-your-amazon-cloudfront-content-from-being-downloaded-by-unauthenticated-users/
I am getting cloudwatch logs saying the execution time with it running successfully.
After some further digging I tried the following in my TypeScript code, changing from returning the event to using the callback. This worked:

```typescript
import { CloudFrontRequestHandler } from "aws-lambda";

export const lambdaHandler: CloudFrontRequestHandler = async (
  input,
  _context,
  callback
) => {
  // The viewer request CloudFront should continue processing
  const event = input.Records[0].cf.request;
  // Do custom auth stuff
  callback(null, event);
  return;
};
```
In all the examples on this page https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html they use the callback function given. However, according to https://docs.aws.amazon.com/lambda/latest/dg/typescript-handler.html#typescript-handler-callback it says "We recommend that you use [async/await](https://docs.aws.amazon.com/lambda/latest/dg/typescript-handler.html#async-typescript) to declare the function handler instead of using callbacks".
Knowing this I may have created an issue in the wrong place. Please let me know if it is more appropriate to recreate it elsewhere.
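An added example (not code from this issue or from AWS) of the viewer-request check described in the comment above: it reads a JWT from the `Cookie` header, forwards the request only when verification succeeds, and returns a 401 in every other case. The cookie name `id_token`, the local type shapes, `sampleEvent` and the stand-in `fakeVerify` are assumptions; in a deployed function `verify` would wrap `CognitoJwtVerifier.verify`.

```typescript
// Minimal local shapes of the CloudFront viewer-request event (a subset of the "aws-lambda" types).
type CfHeaders = Record<string, { key?: string; value: string }[]>;
interface CfRequest { uri: string; method: string; headers: CfHeaders }
interface CfResponse { status: string; statusDescription: string; headers: CfHeaders }
interface CfEvent { Records: { cf: { request: CfRequest } }[] }
// Assumption: resolves for a valid token and rejects otherwise, as CognitoJwtVerifier.verify() does.
type Verify = (token: string) => Promise<unknown>;

const COOKIE_NAME = "id_token"; // hypothetical cookie name

// Find one cookie across every Cookie header line CloudFront passes to the function.
function getCookie(headers: CfHeaders, name: string): string | undefined {
  for (const h of headers["cookie"] ?? []) {
    for (const part of h.value.split(";")) {
      const eq = part.indexOf("=");
      if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
    }
  }
  return undefined;
}

// Response generated at the edge; no-store keeps the denial out of caches.
function deny(): CfResponse {
  return { status: "401", statusDescription: "Unauthorized",
    headers: { "cache-control": [{ key: "Cache-Control", value: "no-store" }] } };
}

// Build a viewer-request handler that forwards the request only after verification succeeds.
function makeHandler(verify: Verify) {
  return async (event: CfEvent): Promise<CfRequest | CfResponse> => {
    const request = event.Records[0].cf.request;
    const token = getCookie(request.headers, COOKIE_NAME);
    if (!token) return deny();
    try {
      await verify(token);
    } catch {
      return deny(); // fail closed on any verifier error
    }
    return request; // CloudFront continues to the origin with this request object
  };
}

// Constructed sample event and stand-in verifier so the block runs offline.
const sampleEvent = (cookie?: string): CfEvent => ({
  Records: [{ cf: { request: { uri: "/index.html", method: "GET",
    headers: cookie ? { cookie: [{ key: "Cookie", value: cookie }] } : {} } } }],
});
const fakeVerify: Verify = async (t) => { if (t !== "good.jwt.value") throw new Error("invalid token"); };
```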
Describe the bug
I have a bucket in eu-west-2 and have recently created a cloudfront distribution and lambda@edge to serve the content. The lambda is a viewer request. The lambda@edge and cloudfront are in us-east-1.
For an authentication step I have added in a lambda following the following blog post https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-using-cookies-protect-your-amazon-cloudfront-content-from-being-downloaded-by-unauthenticated-users/
The Bucket is defined in a different CDK stack.
I have got everything working great without the lambda and cloudfront delivers the content as expected. However as soon as I add in the lambda I am getting the following message
I have followed the advice in this issue https://github.com/aws/aws-cdk/issues/9556 and still having the same problem.
My lambda code is
My CDK looks like
I also have all the permissions and bucket policies but have not added to above as the cloudfront is working without the EdgeLambdas so I am pretty sure it is not due to that.
Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
Expect to serve the content both with and without the lambda running
Current Behavior
Reproduction Steps
I have also tried changing Origin to a group
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.160.0 (build 7a8ae02)
Framework Version
No response
Node.js Version
v18.18.2
OS
Ubuntu on WSL
Language
Go
Language Version
1.23
Other information
No response