yvele / aws-cfn-custom-resource-lambda-edge
AWS CloudFormation custom resource that allows deploying Lambda@Edge from any region
License: Apache License 2.0
Hi,
First I would like to thank you for this project, you did a great job and it helped me set up CloudFront Lambda@Edge on my current project.
I have a little problem regarding graceful deletion of my stack when using your custom resources. The stack always fails to delete itself because the Lambda@Edge function cannot be deleted.
Do you have any tips on how we could manage a graceful stack deletion using your custom resource?
Thanks for your help!
Hi there,
I'm trying to get Lambda@Edge working on eu-west and following your comments and library. Everything seemed to have installed fine and now I'm trying to get this example: https://aws.amazon.com/blogs/networking-and-content-delivery/resizing-images-with-amazon-cloudfront-lambdaedge-aws-cdn-blog/ working on eu-west-1, but I'm running into a lot of problems.
See here my full template. Any idea on what could be the issue?
```yaml
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Resources:
  ImageBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: toms-test-bucket
      PolicyDocument:
        Statement:
          - Action:
              - s3:GetObject
            Effect: Allow
            Principal: "*"
            Resource: arn:aws:s3:::toms-test-bucket
          - Action:
              - s3:PutObject
            Effect: Allow
            Principal:
              AWS: !GetAtt EdgeLambdaRole.Arn
            Resource: arn:aws:s3:::toms-test-bucket
          - Action:
              - s3:GetObject
            Effect: Allow
            Principal:
              AWS: !GetAtt EdgeLambdaRole.Arn
            Resource: arn:aws:s3:::toms-test-bucket
  EdgeLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: "Allow"
          Principal:
            Service:
              - "lambda.amazonaws.com"
              - "edgelambda.amazonaws.com"
          Action:
            - "sts:AssumeRole"
      Path: "/service-role/"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
  ViewerRequestFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://fot-lambda-code-bucket/cloudfront/viewer-request-function.zip
      Handler: index.handler
      Runtime: nodejs14.x
      MemorySize: 128
      Timeout: 1
      Role: !GetAtt EdgeLambdaRole.Arn
  ViewerRequestFunctionVersion:
    Type: "AWS::Lambda::Version"
    Properties:
      FunctionName: !Ref ViewerRequestFunction
      Description: "A version of ViewerRequestFunction"
  OriginResponseFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://fot-lambda-code-bucket/cloudfront/origin-response-function.zip
      Handler: index.handler
      Runtime: nodejs14.x
      MemorySize: 512
      Timeout: 5
      Role: !GetAtt EdgeLambdaRole.Arn
  OriginResponseFunctionVersion:
    Type: "AWS::Lambda::Version"
    Properties:
      FunctionName: !Ref OriginResponseFunction
      Description: "A version of OriginResponseFunction"
  MyDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: toms-test-bucket.s3.eu-west-1.amazonaws.com
            Id: myS3Origin
            S3OriginConfig: {}
        Enabled: 'true'
        Comment: distribution for content delivery
        DefaultRootObject: index.html
        DefaultCacheBehavior:
          TargetOriginId: myS3Origin
          LambdaFunctionAssociations:
            - EventType: 'viewer-request'
              LambdaFunctionARN: !Ref ViewerRequestFunctionVersion
            - EventType: 'origin-response'
              LambdaFunctionARN: !Ref OriginResponseFunctionVersion
          ForwardedValues:
            QueryString: 'true'
            QueryStringCacheKeys:
              - d
            Cookies:
              Forward: 'none'
          ViewerProtocolPolicy: allow-all
          MinTTL: '100'
          SmoothStreaming: 'false'
          Compress: 'true'
        PriceClass: PriceClass_All
        ViewerCertificate:
          CloudFrontDefaultCertificate: 'true'
  # Unused Lambda function only to get `CodeUri` working
  EdgeOriginRequestSource:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./src
      AutoPublishAlias: live # Required to get `Version` parameter and force publication
  # Custom resource to "copy" the Lambda in the standard region (us-east-1)
  CopyOriginResponseFunctionLambda:
    Type: Custom::LambdaEdgeCopy
    Properties:
      ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
      Parameters:
        Version: !Ref OriginResponseFunctionVersion
        Region: us-east-1
  CopyViewerRequestFunctionLambda:
    Type: Custom::LambdaEdgeCopy
    Properties:
      ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
      Parameters:
        Version: !Ref ViewerRequestFunctionVersion
        Region: us-east-1
Outputs:
  ImageBucket:
    Value: toms-test-bucket
    Export:
      Name: !Sub "${AWS::StackName}-ImageBucket"
  MyDistribution:
    Value: !Ref MyDistribution
    Export:
      Name: !Sub "${AWS::StackName}-MyDistribution"
```
Hi,
First of all, thank you for creating this resource. I have been developing a small web app in eu-central-1 and it was going fairly well (for a beginner) until I got tripped up by Lambda@Edge only being available in eu-east-1...
I have cloned your repo and run the install script provided. I am now trying to use the custom resource, however when I deploy the stack it fails and it refers me to have a look in the CloudWatch logs. The relevant log entries are seen below:

| Timestamp | Message |
|---|---|
| 2021-02-22T11:16:54.844+02:00 | 2021-02-22T09:16:54.844Z 1497b0ca-72bc-4f2f-854e-33032dcbb69f INFO Wait for stackCreateComplete my-stack-XXXXXXXX-EdgeLambdaViewerRequest |
| 2021-02-22T11:17:56.134+02:00 | 2021-02-22T09:17:56.133Z 1497b0ca-72bc-4f2f-854e-33032dcbb69f ERROR Lambda:Error ResourceNotReady: Resource is not in the state stackCreateComplete at constructor.setError (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:182:47) ... |
This is the full stack trace, though not sure if it is helpful:

```
2021-02-22T09:17:56.133Z 1497b0ca-72bc-4f2f-854e-33032dcbb69f ERROR Lambda:Error ResourceNotReady: Resource is not in the state stackCreateComplete
    at constructor.setError (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:182:47)
    at Request.CHECK_ACCEPTORS (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:44:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12) {
  code: 'ResourceNotReady',
  retryable: false,
  time: 2021-02-22T09:17:56.132Z,
  statusCode: 200,
  retryDelay: 30000
}
```
This is the relevant part of the template:

```yaml
Distribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    # DependsOn: !Ref EdgeLambda
    DistributionConfig:
      Enabled: true
      PriceClass: PriceClass_100
      Comment: my-cf-distribution
      HttpVersion: http2
      IPV6Enabled: true
      ViewerCertificate:
        CloudFrontDefaultCertificate: true
      CustomErrorResponses:
        - ErrorCachingMinTTL: 0
          ErrorCode: 400
        - ErrorCachingMinTTL: 0
          ErrorCode: 403
        - ErrorCachingMinTTL: 0
          ErrorCode: 404
        - ErrorCachingMinTTL: 0
          ErrorCode: 405
        - ErrorCachingMinTTL: 0
          ErrorCode: 414
        - ErrorCachingMinTTL: 0
          ErrorCode: 416
        - ErrorCachingMinTTL: 0
          ErrorCode: 500
        - ErrorCachingMinTTL: 0
          ErrorCode: 501
        - ErrorCachingMinTTL: 0
          ErrorCode: 502
        - ErrorCachingMinTTL: 0
          ErrorCode: 503
        - ErrorCachingMinTTL: 0
          ErrorCode: 504
      Origins:
        - DomainName: !GetAtt MyBucket.DomainName
          Id: S3Origin
          S3OriginConfig: {}
      CacheBehaviors:
        - TargetOriginId: S3Origin
          ViewerProtocolPolicy: redirect-to-https
          DefaultTTL: 0
          MaxTTL: 0
          MinTTL: 0
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          PathPattern: 'url'
          AllowedMethods:
            - GET
            - HEAD
      DefaultCacheBehavior:
        TargetOriginId: S3Origin
        ViewerProtocolPolicy: redirect-to-https
        DefaultTTL: 0
        MaxTTL: 0
        MinTTL: 0
        ForwardedValues:
          QueryString: true
          Cookies:
            Forward: none
        AllowedMethods:
          - DELETE
          - GET
          - HEAD
          - OPTIONS
          - PATCH
          - POST
          - PUT
        LambdaFunctionAssociations:
          - EventType: viewer-request
            LambdaFunctionARN: !GetAtt EdgeLambdaViewerRequest.FunctionVersion
# Only used to get CodeUri to actual edge lambda function in us-east-1
EdgeLambdaSource:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ../src
    Handler: edge.lambdaHandler
    AutoPublishAlias: live
# Custom resource to "copy" the Lambda in the standard region (us-east-1)
EdgeLambdaViewerRequest:
  Type: Custom::LambdaEdge
  Properties:
    ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
    Parameters:
      LambdaSourceArn: !Ref EdgeLambdaSource.Version
      LambdaRoleArn: !Ref EdgeLambdaRole
EdgeLambdaRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
              - edgelambda.amazonaws.com
          Action: sts:AssumeRole
    ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
    Policies:
      - PolicyName: CustomPolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Resource: "*"
              Action: lambda:InvokeFunction
```
I suspect that it's not something wrong with your resource and instead something that I'm messing up, but some help would be greatly appreciated.