Sunday, August 10, 2025

Lambda Edge Customization | Overview.


AWS Lambda Edge Customization - Overview.

Scope:

  • Intro,
  • The concept: Lambda@Edge,
  • Lambda@Edge Execution Flow,
  • Customization Capabilities,
  • How Deployment Works,
  • Runtime & Limits,
  • Security & Compliance,
  • Sample Customization Scenarios (Geo-based Redirect),
  • Costs,
  • Best Practices.

Intro:

  • A step-by-step approach on how Lambda Edge works, & where twtech can tweak things around for needs.

1. The concept: Lambda@Edge

  • Lambda@Edge lets twtech to run custom code at AWS CloudFront edge locations 
  • Edge Location is close to twtech users to minimize downtime.
  • Edge Location functions without provisioning servers.
  • Edge Location is essentially Lambda integrated with CloudFront events so that twtech can:
    • Inspect, 
    • Modify, 
    • Generate requests/responses in real time.

Think of Lambda@Edge as:

  • “A programmable CDN (Content Delivery Network) layer.”

2. Lambda@Edge Execution Flow

  • Lambda@Edge functions run in response to CloudFront events, and can be attached at different points in the request/response lifecycle:

Event Type

When It Runs

Common Uses

Viewer Request.

Runs when a request reaches CloudFront before cache lookup.

Auth, request validation, URL rewriting, geolocation-based redirects

Origin Request.

Runs before forwarding to the origin (after cache miss).

Dynamic origin selection, header injection, API calls

Origin Response.

Runs when the origin sends a response to CloudFront.

Response transformation, security headers, A/B testing

Viewer Response.

Runs before the response is sent to the viewer.

Add cookies, security headers, compression

 3. Customization Capabilities

Lambda@Edge gives twtech deep control over:

  •         Headers Add, remove, or modify HTTP headers.
  •         Cookies Read, set, or manipulate cookies.
  •         URLs Rewrite paths, query strings, redirects.
  •         Geo-location Use CloudFront-Viewer-Country to serve region-specific content.
  •         Access Control Block/allow users based on IP, device, auth tokens.
  •         Content Transformation Modify HTML/CSS/JSON before serving.
  •         Origin Routing Dynamically select a backend (multi-region failover, A/B testing).

4. How Deployment Works

     1.     Create Lambda Function in us-east-2 (Ohio) — Lambda@Edge requires this region.
2.     Attach to CloudFront Event via the CloudFront console or API.
3.     AWS Replicates twtech Code to all global edge locations.
4.     Code Runs at the Edge on events twtech has configured.

5. Runtime & Limits

  •         Supported runtimes: Node.js & Python (Java/Go not supported at Edge).
  •         Memory: 128 MB 3,008 MB.
  •         Max execution time:
    •    Viewer events 5 seconds.
    •    Origin events 30 seconds.
  •         Package size limits:
    •    Compressed: 1 MB (inline with CloudFront request)
    •    Uncompressed: 50 MB
  •         No VPC support runs in AWS’s edge-managed infra.

6. Security & Compliance

  •         IAM Policies — Limit what the Lambda can access.
  •         Data Privacy — Edge functions see HTTP data; comply with GDPR/CCPA if processing: 
    • PII (Personal Identification Information). GDPR and CCPA are both data privacy laws, but they differ in their scope and specific requirements. 
    • The GDPR (General Data Protection Regulation) is a European Union law, while the CCPA (California Consumer Privacy Act) is a US state law.
  •         VersioningLambda@Edge requires published versions; aliases won’t work without publishing.

7. Sample Customization Scenarios (Geo-based Redirect)

a) Geo-based Redirect

# javascript
'use strict';
exports.handler = async (event) => {
    const request = event.Records[0].cf.request;
    const country = request.headers['cloudfront-viewer-country'][0].value;
    if (country === 'US') {
        return {
            status: '302',
            statusDescription: 'Found',
            headers: {
                location: [{ key: 'Location', value: '/fr/index.html' }]
            }
        };
    }
    return request;
};

# Sample Customization Scenarios (Dynamic Origin Selection)

b) Dynamic Origin Selection

# javascript

'use strict';
exports.handler = async (event) => {
    const request = event.Records[0].cf.request;
    const hour = new Date().getUTCHours();
    if (hour < 12) {
        request.origin = { custom: { domainName: 'twtechapp.com', 
protocol: 'https' } };
    } else {
        request.origin = { custom: { domainName: ' twtechapp.com', 
protocol: 'https' } };
    }
    return request;
};

8. Costs

  •         Lambda@Edge Execution Cost:
    •    Charged per request (GB-seconds) + data transfer.
  •         CloudFront Requests:
    •    Viewer requests still incur CloudFront request pricing.

9. Best Practices

  •         Keep the function small & efficient (cold starts happen at edge too).
  •         Cache results whenever possible.
  •         Test in a dev distribution before going global.
  •         Use CloudFront test events for simulation.
  • Avoid long-running computations Always remember latency is critical at the edge.



at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Amazon EventBridge | Overview.

Amazon EventBridge - Overview. Scope: Intro, Core Concepts, Key Benefits, Link to official documentation, Insights. Intro: Amazon EventBridg...