[cloudfront] [lambda] Cross-region Lambda construct for Lambda@Edge
Create a construct (e.g., EdgeLambda) which facilitates defining Lambda functions cross-region.
Use Case
CloudFront is a “global” service, but requires that both certificates and Lambda@Edge functions be defined in us-east-1 (N Virginia) to use them with a distribution. This creates a lot of overhead for users who have stacks that include CloudFront in different regions.
Customers must have separate stacks to host the Lambda function, then use SSM (or another alternative) to communicate the ARN between stacks. See https://github.com/aws/aws-cdk/issues/1575#issuecomment-674767075 for a detailed explanation of the process as it exists today.
Proposed Solution
The other CloudFront-constrained service (AWS Certificate Manager) has a custom resource for this purpose: DnsValidationCertificate. Stealing ideas from that pattern may be useful. One of the complications for Lambda (vs ACM) is that Lambda functions often require assets, which is more heavy-weight than just passing the defining parameters/props.
CodePipeline has a mechanism for cross-region deployments (see the README section titled ‘Cross-region CodePipelines’). This relies on creating sub-stacks in the target region with defined buckets for replicating the assets:
This is a 🚀 Feature Request
Issue Analytics
- State:
- Created 3 years ago
- Reactions:33
- Comments:5 (2 by maintainers)
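The hand-off described in the use case above, where a us-east-1 stack publishes the function ARN (for example through SSM) for a stack in another region, can be checked before the ARN is attached to a distribution. This is an added example, not code from the issue or from the CDK project; the name checkEdgeLambdaArn and the sample ARNs in the comments are constructed, and the numbered-version check reflects the Lambda@Edge rule that $LATEST and aliases cannot be associated.

```typescript
// Added example: validate a Lambda ARN received from another stack (e.g. read
// from an SSM parameter) before using it as a Lambda@Edge association.
// checkEdgeLambdaArn is a hypothetical helper, not a CDK API.

interface ArnCheck {
  ok: boolean;
  problems: string[];
}

const EDGE_REGION = "us-east-1"; // region CloudFront requires, per the issue

function checkEdgeLambdaArn(arn: string, expectedAccount?: string): ArnCheck {
  const problems: string[] = [];
  // Shape: arn:aws:lambda:<region>:<account>:function:<name>[:<qualifier>]
  const parts = arn.trim().split(":");
  if (parts.length < 7 || parts.length > 8 || parts[0] !== "arn" ||
      parts[2] !== "lambda" || parts[5] !== "function") {
    return { ok: false, problems: ["not a Lambda function ARN"] };
  }
  const region = parts[3] ?? "";
  const account = parts[4] ?? "";
  const name = parts[6] ?? "";
  const qualifier: string | undefined = parts[7];

  if (region !== EDGE_REGION) {
    problems.push(`region is ${region}, expected ${EDGE_REGION}`);
  }
  if (!/^\d{12}$/.test(account)) {
    problems.push("account id is not 12 digits");
  } else if (expectedAccount !== undefined && account !== expectedAccount) {
    // A parameter pointing at another account's function should never be
    // silently wired into a distribution.
    problems.push(`account ${account} does not match ${expectedAccount}`);
  }
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(name)) {
    problems.push("function name has unexpected characters");
  }
  // Lambda@Edge needs a numbered version: no bare ARN, no $LATEST, no alias.
  if (qualifier === undefined) {
    problems.push("missing version qualifier");
  } else if (!/^[1-9]\d*$/.test(qualifier)) {
    problems.push(`qualifier "${qualifier}" is not a numbered version`);
  }
  return { ok: problems.length === 0, problems };
}
```

Run the check in the consuming stack's deployment step, passing the account id you expect the edge function to live in, so that a stale or tampered parameter value fails the deployment instead of reaching CloudFront.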
Top GitHub Comments
@jbaileyashe Unfortunately no. We have a name suffix randomizer component added to our Lambda@Edge functions so that each time we make a change, a new function is deployed (rather than changed/deleted) and associated with our CF distro. Then we clean them up later on through a scheduled task through GitLab CI/CD.
Edit:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-delete-replicas.html and https://aws.amazon.com/blogs/networking-and-content-delivery/managing-lambdaedge-and-cloudfront-deployments-by-using-a-ci-cd-pipeline/