Serverless Plugin: Support CloudFront Lambda@Edge

What is it?

This is a plugin for the Serverless framework that adds support for associating a Lambda function with a CloudFront distribution to take advantage of the Lambda@Edge features of CloudFront.

Even though CloudFormation added support for Lambda@Edge via its LambdaFunctionAssociations config object, it would be difficult to define a CloudFront distribution in your serverless.yml file's resources that links to one of the functions that you're deploying with Serverless.

Why? Because the LambdaFunctionAssociations array needs a reference to the Lambda function's version (AWS::Lambda::Version resource), not just the function itself. (The documentation for CloudFormation says "You must specify the ARN of a function version; you can't specify a Lambda alias or $LATEST."). Serverless creates the version automatically for you, but the logical ID for it is seemingly random. You'd need that logical ID to use a Ref in your CloudFormation template for the function association.

This plugin hides all that for you - it uses other features in Serverless to be able to programmatically determine the function's logical ID and build the reference for you in the LambdaFunctionAssociations object. It directly modifies your CloudFormation template before the stack is ever deployed, so that CloudFormation does the heavy lifting for you. This 2.0 version of the plugin is thus much faster and easier to use than the 1.0 version (which existed before CloudFormation supported Lambda@Edge).

How do I use it?

There are three steps:

Install the Plugin as a Development Dependency

1npm install --save-dev --save-exact @silvermine/serverless-plugin-cloudfront-lambda-edge

Telling Serverless to Use the Plugin

Simply add this plugin to the list of plugins in your serverless.yml file:

1plugins:
2   - '@silvermine/serverless-plugin-cloudfront-lambda-edge'

Configuring Functions to Associate With CloudFront Distributions

Also in your serverless.yml file, you will modify your function definitions to include a lambdaAtEdge property. That property can be an object if you are associating the function with only a single distribution (or single cache behavior). Or, if you want the same function associated with multiple distributions or cache behaviors, the property value can be an array of objects. Whether you define a single object or an array of objects, the objects all have the same fields, each of which is explained here:

• distribution (required): the logical name used in your Resources section to define the CloudFront distribution.
• eventType (required): a string, one of the four Lambda@Edge event types:
  • viewer-request
  • origin-request
  • viewer-response
  • origin-response
• pathPattern (optional): a string, the path pattern of one of the cache behaviors in the specified distribution if you want this function to be associated with a specific cache behavior. If the path pattern is not defined here, the function will be associated with the default cache behavior for the specified distribution.
• includeBody (optional): a boolean, true if you want to include the body in the request event your function receives. See the AWS docs for more info.

You can also apply global properties by adding the lambdaAtEdge property to your custom section of your serverless.yml. Note: This section currently only supports the follow option:

• retain (optional): a boolean (default false). If you set this value to true, it will set the DeletionPolicy of the function resource to Retain. This can be used to avoid the currently-inevitable CloudFormation stack deletion failure. There are at least two schools of thought on how to handle this issue. Hopefully AWS will have this fixed soon. Use at your own discretion.

For example:

1functions:
2   directoryRootOriginRequestRewriter:
3      name: '${self:custom.objectPrefix}-directory-root-origin-request-rewriter'
4      handler: src/DirectoryRootOriginRequestRewriteHandler.handler
5      memorySize: 128
6      timeout: 1
7      lambdaAtEdge:
8         distribution: 'WebsiteDistribution'
9         eventType: 'origin-request'

Or:

1custom:
2   lambdaAtEdge:
3      retain: true
4
5functions:
6   someImageHandlingFunction:
7      name: '${self:custom.objectPrefix}-image-handling'
8      handler: src/ImageSomethingHandler.handler
9      memorySize: 128
10      timeout: 1
11      lambdaAtEdge:
12         distribution: 'WebsiteDistribution'
13         eventType: 'viewer-request'
14         # This must match a path pattern in a cache behavior of the distribution:
15         pathPattern: 'images/*.jpg'

Or:

1functions:
2   someFunction:
3      name: '${self:custom.objectPrefix}'
4      handler: src/SomethingHandler.handler
5      memorySize: 128
6      timeout: 1
7      lambdaAtEdge:
8         -
9            distribution: 'WebsiteDistribution'
10            eventType: 'viewer-response'
11            # This must match a path pattern in a cache behavior of the distribution:
12            pathPattern: 'images/*.jpg'
13         -
14            distribution: 'OtherDistribution'
15            eventType: 'viewer-response'

Example CloudFront Static Site Serverless Config

Here is an example of a serverless.yml file that configures an S3 bucket with a CloudFront distribution and a Lambda@Edge function:

1service: static-site
2
3custom:
4   defaultRegion: us-east-1
5   defaultEnvironmentGroup: dev
6   region: ${opt:region, self:custom.defaultRegion}
7   stage: ${opt:stage, env:USER}
8   objectPrefix: '${self:service}-${self:custom.stage}'
9
10plugins:
11   - '@silvermine/serverless-plugin-cloudfront-lambda-edge'
12
13package:
14   exclude:
15      - 'node_modules/**'
16
17provider:
18   name: aws
19   runtime: nodejs6.10 # Because this runs on CloudFront (lambda@edge) it must be 6.10 or greater
20   region: ${self:custom.region}
21   stage: ${self:custom.stage}
22   # Note that Lambda@Edge does not actually support environment variables for lambda
23   # functions, but the plugin will strip the environment variables from any function
24   # that has edge configuration on it
25   environment:
26      SLS_SVC_NAME: ${self:service}
27      SLS_STAGE: ${self:custom.stage}
28
29functions:
30   directoryRootOriginRequestRewriter:
31      name: '${self:custom.objectPrefix}-origin-request'
32      handler: src/DirectoryRootOriginRequestRewriteHandler.handler
33      memorySize: 128
34      timeout: 1
35      lambdaAtEdge:
36         distribution: 'WebsiteDistribution'
37         eventType: 'origin-request'
38
39resources:
40   Resources:
41      WebsiteBucket:
42         Type: 'AWS::S3::Bucket'
43         Properties:
44            BucketName: '${self:custom.objectPrefix}'
45            AccessControl: 'PublicRead'
46            WebsiteConfiguration:
47               IndexDocument: 'index.html'
48               ErrorDocument: 'error.html'
49      WebsiteDistribution:
50         Type: 'AWS::CloudFront::Distribution'
51         Properties:
52            DistributionConfig:
53               DefaultCacheBehavior:
54                  TargetOriginId: 'WebsiteBucketOrigin'
55                  ViewerProtocolPolicy: 'redirect-to-https'
56                  DefaultTTL: 600 # ten minutes
57                  MaxTTL: 600 # ten minutes
58                  Compress: true
59                  ForwardedValues:
60                     QueryString: false
61                     Cookies:
62                        Forward: 'none'
63               DefaultRootObject: 'index.html'
64               Enabled: true
65               PriceClass: 'PriceClass_100'
66               HttpVersion: 'http2'
67               ViewerCertificate:
68                  CloudFrontDefaultCertificate: true
69               Origins:
70                  -
71                     Id: 'WebsiteBucketOrigin'
72                     DomainName: { 'Fn::GetAtt': [ 'WebsiteBucket', 'DomainName' ] }
73                     S3OriginConfig: {}

And here is an example function that would go with this Serverless template:

1'use strict';
2
3module.exports = {
4
5   // invoked by CloudFront (origin requests)
6   handler: function(evt, context, cb) {
7      var req = evt.Records[0].cf.request;
8
9      if (req.uri && req.uri.length && req.uri.substring(req.uri.length - 1) === '/') {
10         var uri = req.uri + 'index.html';
11
12         console.log('changing "%s" to "%s"', req.uri, uri);
13         req.uri = uri;
14      }
15
16      cb(null, req);
17   },
18
19};

How do I contribute?

We genuinely appreciate external contributions. See our extensive documentation on how to contribute.

License

This software is released under the MIT license. See the license file for more details.