Closed dreamorosi closed 8 months ago
Hey @dreamorosi, excellent suggestion! However, a Q4 2023 CloudFront feature (OAC Lambda) will negate the need for this CloudFront function. When that feature lands, we can enable it by default so Nextjs Lambdas aren't open to the world and are more secure. I'll keep this in mind though for the future!
The src/lambdas/sign-fn-url.ts function uses the @aws-crypto/sha256-js module to sign requests to the function url and provide IAM authentication.

The same module is used by other AWS projects and works just fine, however it's meant to be an isomorphic package. This means it contains code that makes it work on both Node.js and the browser.

For Lambda, and specifically for all the current Node.js runtimes, most of the package is not needed since modern implementations of node:crypto can do the job just fine.

In other projects of mine I have replaced the package with the following implementation, which should be a drop-in class for the interfaces required by the SignatureV4 function:

The alternative implementation helps reduce the bundle by ~7%, which is admittedly not much, but it's one less dependency to maintain.

Using @aws-crypto/sha256-js:

Using alternate implementation:
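For readers following the thread, here is an added sketch of what a node:crypto-backed replacement can look like; it is not the issue author's implementation, which does not appear on this page. The class name `NodeSha256` and the `digestSync` helper are hypothetical, and the method shape (optional secret in the constructor, `update`, promise-returning `digest`, `reset`) is assumed to be what the signer's `sha256` option expects.

```typescript
import { createHash, createHmac } from "node:crypto";
import type { Hash, Hmac } from "node:crypto";

// Input kinds the signer may pass to the constructor and to update()
// (assumed to mirror the SDK's SourceData type).
type SourceData = string | ArrayBuffer | ArrayBufferView;

function toBuffer(data: SourceData): Buffer {
  if (typeof data === "string") return Buffer.from(data, "utf8");
  // Honour byteOffset/byteLength so a view into a larger buffer
  // contributes only its own bytes to the hash.
  if (ArrayBuffer.isView(data)) {
    return Buffer.from(data.buffer, data.byteOffset, data.byteLength);
  }
  return Buffer.from(data);
}

// Hypothetical class name. With a secret it computes HMAC-SHA256
// (used for SigV4 key derivation and the final signature); without
// one it computes plain SHA-256 (used for payload hashing).
class NodeSha256 {
  private readonly secret?: Buffer;
  private hash!: Hash | Hmac;

  constructor(secret?: SourceData) {
    this.secret = secret === undefined ? undefined : toBuffer(secret);
    this.reset();
  }

  update(data: SourceData): void {
    this.hash.update(toBuffer(data));
  }

  // Hypothetical synchronous helper; digest() wraps it in a promise.
  digestSync(): Uint8Array {
    return new Uint8Array(this.hash.digest());
  }

  digest(): Promise<Uint8Array> {
    return Promise.resolve(this.digestSync());
  }

  // A node:crypto hash object cannot be reused after digest(),
  // so reset() builds a fresh one with the same key.
  reset(): void {
    this.hash = this.secret === undefined
      ? createHash("sha256")
      : createHmac("sha256", this.secret);
  }
}
```

Before swapping a hash implementation under a request signer, compare its output against known SHA-256 and HMAC-SHA256 vectors: a mismatch shows up only as signature rejections from IAM at runtime.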