aws-cfn-custom-resource-lambda-edge's Issues

Graceful deletion

Hi,

First I would like to thank you for this project, you did a great job and it helped me set up CloudFront Lambda@Edge on my current project.

I have a little problem regarding graceful deletion of my stack when using your custom resources. The stack always fails to delete itself because the lambda@edge function cannot be deleted.

Do you have any tips on how we could manage a graceful stack deletion using your custom resource?

Thanks for your help!

'CodeUri' is not a valid S3 Uri of the form 's3://bucket/key

Hi there,

I'm trying to get Lambda@Edge working on eu-west and following your comments and library. Everything seemed to have installed fine and now I'm trying to get this example, https://aws.amazon.com/blogs/networking-and-content-delivery/resizing-images-with-amazon-cloudfront-lambdaedge-aws-cdn-blog/, working on eu-west-1, but I'm running into a lot of problems.

Here is my full template. Any idea on what could be the issue?

AWSTemplateFormatVersion: 2010-09-09

Transform: AWS::Serverless-2016-10-31

Resources:
  ImageBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: toms-test-bucket
      PolicyDocument:
        Statement:
            - Action:
                - s3:GetObject
              Effect: Allow
              Principal: "*"
              Resource: arn:aws:s3:::toms-test-bucket
            - Action:
                - s3:PutObject
              Effect: Allow
              Principal:
                AWS: !GetAtt EdgeLambdaRole.Arn
              Resource: arn:aws:s3:::toms-test-bucket
            - Action:
                - s3:GetObject
              Effect: Allow
              Principal:
                AWS: !GetAtt EdgeLambdaRole.Arn
              Resource: arn:aws:s3:::toms-test-bucket

  EdgeLambdaRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
            Effect: "Allow"
            Principal:
              Service:
                - "lambda.amazonaws.com"
                - "edgelambda.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/service-role/"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

  ViewerRequestFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://fot-lambda-code-bucket/cloudfront/viewer-request-function.zip
      Handler: index.handler
      Runtime: nodejs14.x
      MemorySize: 128
      Timeout: 1
      Role: !GetAtt EdgeLambdaRole.Arn

  ViewerRequestFunctionVersion:
    Type: "AWS::Lambda::Version"
    Properties:
      FunctionName: !Ref ViewerRequestFunction
      Description: "A version of ViewerRequestFunction"

  OriginResponseFunction:
   Type: AWS::Serverless::Function
   Properties:
     CodeUri: s3://fot-lambda-code-bucket/cloudfront/origin-response-function.zip
     Handler: index.handler
     Runtime: nodejs14.x
     MemorySize: 512
     Timeout: 5
     Role: !GetAtt EdgeLambdaRole.Arn

  OriginResponseFunctionVersion:
    Type: "AWS::Lambda::Version"
    Properties:
      FunctionName: !Ref OriginResponseFunction
      Description: "A version of OriginResponseFunction"

  MyDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
        - DomainName: toms-test-bucket.s3.eu-west-1.amazonaws.com
          Id: myS3Origin
          S3OriginConfig: {}
        Enabled: 'true'
        Comment: distribution for content delivery
        DefaultRootObject: index.html
        DefaultCacheBehavior:
          TargetOriginId: myS3Origin
          LambdaFunctionAssociations:
            - EventType: 'viewer-request'
              LambdaFunctionARN: !Ref ViewerRequestFunctionVersion
            - EventType: 'origin-response'
              LambdaFunctionARN: !Ref OriginResponseFunctionVersion
          ForwardedValues:
            QueryString: 'true'
            QueryStringCacheKeys:
              - d
            Cookies:
              Forward: 'none'
          ViewerProtocolPolicy: allow-all
          MinTTL: '100'
          SmoothStreaming: 'false'
          Compress: 'true'
        PriceClass: PriceClass_All
        ViewerCertificate:
          CloudFrontDefaultCertificate: 'true'
  
  # Unused Lambda function only to get `CodeUri` working
  EdgeOriginRequestSource:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./src
      AutoPublishAlias: live # Required to get `Version` parameter and force publication

  # Custom resource to "copy" the Lambda in the standard region (us-east-1)
  CopyOriginResponseFunctionLambda:
    Type: Custom::LambdaEdgeCopy
    Properties:
      ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
      Parameters:
        Version: !Ref OriginResponseFunctionVersion
        Region: us-east-1
  
  CopyViewerRequestFunctionLambda:
    Type: Custom::LambdaEdgeCopy
    Properties:
      ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
      Parameters:
        Version: !Ref ViewerRequestFunctionVersion
        Region: us-east-1


Outputs:
  ImageBucket:
    Value: toms-test-bucket
    Export:
      Name: !Sub "${AWS::StackName}-ImageBucket"

  MyDistribution:
    Value: !Ref MyDistribution
    Export:
      Name: !Sub "${AWS::StackName}-MyDistribution"
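
An added example (not from the issue author or the project): a stdlib-only pre-deploy check for two things visible in the template above, a `CodeUri` that is not in the `s3://bucket/key` form named in the error, and bucket-policy statements that allow object actions on the bucket ARN or to a wildcard principal. `TEMPLATE` is a constructed JSON-form excerpt of the post's template with intrinsics omitted; `lint` and `as_list` are hypothetical names.

```python
import re

S3_URI = re.compile(r"^s3://[^/]+/.+")
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

# Constructed excerpt mirroring the template in the post (assumption: JSON form).
TEMPLATE = {"Resources": {
    "ImageBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": "toms-test-bucket",
        "PolicyDocument": {"Statement": [
            {"Action": ["s3:GetObject"], "Effect": "Allow", "Principal": "*",
             "Resource": "arn:aws:s3:::toms-test-bucket"}]}}},
    "ViewerRequestFunction": {"Type": "AWS::Serverless::Function", "Properties": {
        "CodeUri": "s3://fot-lambda-code-bucket/cloudfront/viewer-request-function.zip"}},
    "EdgeOriginRequestSource": {"Type": "AWS::Serverless::Function", "Properties": {
        "CodeUri": "./src"}},
}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(template):
    """Return (resource name, message) pairs for the checks described above."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Serverless::Function":
            uri = props.get("CodeUri")
            # The object form {Bucket, Key} is also valid, so only strings are checked.
            if isinstance(uri, str) and not S3_URI.match(uri):
                findings.append((name, "CodeUri is not s3://bucket/key; package first"))
        if res.get("Type") == "AWS::S3::BucketPolicy":
            doc = props.get("PolicyDocument", {})
            for st in as_list(doc.get("Statement", [])):
                if st.get("Effect") != "Allow":
                    continue
                actions = set(as_list(st.get("Action", [])))
                for arn in as_list(st.get("Resource", [])):
                    # Object actions match object ARNs (bucket/key), not the bucket ARN.
                    bucket_only = isinstance(arn, str) and "/" not in arn.split(":::")[-1]
                    if actions & OBJECT_ACTIONS and bucket_only:
                        findings.append((name, "object action on bucket ARN: " + arn))
                if st.get("Principal") in ("*", {"AWS": "*"}):
                    findings.append((name, "Allow with wildcard principal"))
    return findings

if __name__ == "__main__":
    for resource, message in lint(TEMPLATE):
        print(resource + ": " + message)
```
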

Resource not ready error on stack deploy

Hi,

First of all, thank you for creating this resource. I have been developing a small web app in eu-central-1 and it was going fairly well (for a beginner) until I got tripped up by Lambda@Edge only being available in eu-east-1...

I have cloned your repo and run the install script provided. I am now trying to use the custom resource, however when I deploy the stack it fails and it refers me to have a look in the CloudWatch logs. The relevant log entries are seen below:

2021-02-22T11:16:54.844+02:00 2021-02-22T09:16:54.844Z 1497b0ca-72bc-4f2f-854e-33032dcbb69f INFO Wait for stackCreateComplete my-stack-XXXXXXXX-EdgeLambdaViewerRequest
2021-02-22T11:17:56.134+02:00 2021-02-22T09:17:56.133Z 1497b0ca-72bc-4f2f-854e-33032dcbb69f ERROR Lambda:Error ResourceNotReady: Resource is not in the state stackCreateComplete at constructor.setError (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:182:47) ...

This is the full stack trace, though I'm not sure if it is helpful:

2021-02-22T09:17:56.133Z	1497b0ca-72bc-4f2f-854e-33032dcbb69f	ERROR	Lambda:Error ResourceNotReady: Resource is not in the state stackCreateComplete
    at constructor.setError (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:182:47)
    at Request.CHECK_ACCEPTORS (/var/runtime/node_modules/aws-sdk/lib/resource_waiter.js:44:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12) {
  code: 'ResourceNotReady',
  retryable: false,
  time: 2021-02-22T09:17:56.132Z,
  statusCode: 200,
  retryDelay: 30000
}

This is the relevant part of the template:

  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      # DependsOn: !Ref EdgeLambda
      DistributionConfig:
          Enabled: true
          PriceClass: PriceClass_100
          Comment: my-cf-distribution
          HttpVersion: http2
          IPV6Enabled: true
          ViewerCertificate:
            CloudFrontDefaultCertificate: true
          CustomErrorResponses:
            - ErrorCachingMinTTL: 0
              ErrorCode: 400
            - ErrorCachingMinTTL: 0
              ErrorCode: 403
            - ErrorCachingMinTTL: 0
              ErrorCode: 404
            - ErrorCachingMinTTL: 0
              ErrorCode: 405
            - ErrorCachingMinTTL: 0
              ErrorCode: 414
            - ErrorCachingMinTTL: 0
              ErrorCode: 416
            - ErrorCachingMinTTL: 0
              ErrorCode: 500
            - ErrorCachingMinTTL: 0
              ErrorCode: 501
            - ErrorCachingMinTTL: 0
              ErrorCode: 502
            - ErrorCachingMinTTL: 0
              ErrorCode: 503
            - ErrorCachingMinTTL: 0
              ErrorCode: 504
          Origins:
            - DomainName: !GetAtt MyBucket.DomainName
              Id: S3Origin
              S3OriginConfig: {}
          CacheBehaviors:
            - TargetOriginId: S3Origin
              ViewerProtocolPolicy: redirect-to-https
              DefaultTTL: 0
              MaxTTL: 0
              MinTTL: 0
              ForwardedValues:
                QueryString: false
                Cookies:
                  Forward: none
              PathPattern: 'url'
              AllowedMethods:
                - GET
                - HEAD
          DefaultCacheBehavior:
            TargetOriginId: S3Origin
            ViewerProtocolPolicy: redirect-to-https
            DefaultTTL: 0
            MaxTTL: 0
            MinTTL: 0
            ForwardedValues:
              QueryString: true
              Cookies:
                Forward: none
            AllowedMethods:
              - DELETE
              - GET
              - HEAD
              - OPTIONS
              - PATCH
              - POST
              - PUT
            LambdaFunctionAssociations:
              - EventType: viewer-request
                LambdaFunctionARN: !GetAtt EdgeLambdaViewerRequest.FunctionVersion

  # Only used to get CodeUri to actual edge lambda function in us-east-1
  EdgeLambdaSource:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ../src
      Handler: edge.lambdaHandler
      AutoPublishAlias: live

  # Custom resource to "copy" the Lambda in the standard region (us-east-1)
  EdgeLambdaViewerRequest:
    Type: Custom::LambdaEdge
    Properties:
      ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
      Parameters:
        LambdaSourceArn: !Ref EdgeLambdaSource.Version
        LambdaRoleArn: !Ref EdgeLambdaRole

  EdgeLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
            - edgelambda.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
      Policies:
        - PolicyName: CustomPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Resource: "*"
                Action: lambda:InvokeFunction

I suspect that it's not something wrong with your resource and instead something that I'm messing up, but some help would be greatly appreciated.
