307 Redirection With AWS Lamda@Edge using Terraform
Lambda@Edge allows you to run AWS Lambda functions at Amazon CloudFront edge locations, enabling you to execute custom logic to modify HTTP requests and responses in real-time. A 307 redirection, in this context, involves responding to a client request with a temporary redirect status code, indicating that the requested resource resides temporarily at a different URI. By leveraging Lambda@Edge, you can dynamically manage redirects based on various conditions like user location, device type, or custom routing rules, enhancing the flexibility and performance of your web applications.
Why Lambda@Edge
Using Lambda@Edge for redirection lets you send users to different web pages based on things like where they’re located or what device they’re using, making sure they get the best experience. It’s super fast because it happens right at the edge of the internet, and it takes some work off your main server, which can save you money.
About this Repo
This repo provides a Terraform module that can be used to deploy Amazon CloudFront and assoicated certificate and have Lambda@Edge associated
Requirements
- An active AWS account with required permission to deploy resources in Kubernetes cluster
- An Understanding of Terraform and usage.
- Terraform CLI with version 1.0.0+
- A web browser that is supported for use with the AWS Management Console. (See the list of supported browsers)
Limitations
They are some constraints when writing a lambda for lambda@edge, they are:
- Must be completed within 5 minutes.
- Maximum memory size is 128mb.
- Total file (package) size must be less than 1mb.
- No environment variable can be used.
Target Architecture
There are 4 Amazon CloudFront events that can be used with this lambda, they are:
- Visitor request
- Visitor response
- Origin request (executed ONLY requested object not in cache)
- Origin response (executed ONLY requested object not in cache)
How to install
Setup
- git clone https://github.com/kalyansundars/307-redirect-lambda-edge-terraform
- Update variable.tf under main folder to the required value.
Install
- terraform init
- terraform apply
Verification
- Verify if Amazon CloudFront and Lambda functions are created on the console under Amazon CloudFront service and Lambda Service.
- Edit the behaviours tab on a required path to check if the lambda function is associated on any of the events
Clean Up
To tear down, run
terraform destroyTroubleshooting
| Issue | Solution |
|---|---|
| Error validating provider credentials | When you run the Terraform apply or destroy command from your local machine, you might encounter an error similar to the following: Error: configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 123456a9-fbc1-40ed-b8d8-513d0133ba7f, api error InvalidClientTokenId: The security token included in the request is invalid.This error is caused by the expiration of the security token for the credentials used in your local machine’s configuration.To resolve the error, see Set and view configuration settings in the AWS CLI documentation. |
Related Resources
- https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html
- https://github.com/marksteele/edge-rewrite
Additional information
- This Lambda function can further be tweaked to add additional Amazon CloudFront variables such as geo location headers.
