5.1.5

CDN Function

Resource Overview

A CDN Function represents an Amazon CloudFront Function.

CDN Functions are serverless edge compute functions that run across CloudFront edge locations. Once a CDN Function is defined, it gets propagated to all of the AWS edge locations around the world.

These types of functions are specifically built to run at the edge and to handle lightweight HTTP(S) transformations, greatly reducing latency.

CDN Function use cases include:

  • HTTP header manipulations
  • URL rewrites/redirects
  • Cache key normalizations
  • Request authorization (i.e. JWT validation)

More examples, including how to decide when to use CDN Functions vs. Edge Functions, can be found in the CloudFront Functions product overview under Customizing at the edge with CloudFront Functions.

CDN Functions

CDN Functions shares many key benefits with AWS Lambda and Lambda@Edge, such as automatically scaling to usage and pay-per-use pricing models, but need to meet additional requirements and restrictions as described below:

  • Work exclusively with the Node.js runtime
  • Cannot access the network
  • Cannot access the filesystem (including Lambda environment variables)
  • Maximum execution duration of 1 ms
  • Access only to request and response headers (no body content)

In addition to Lambda Function limits, the AWS Developer Guide specifies additional CDN Function limits to consider.

Common CDN Function Concerns

Versioning

The newest version of a CDN Function is automatically published and distributed to edge locations for use when the stack is deployed.

Implementation

CDN Function + CDN

CDN Functions are meant to be implemented alongside a CDN. This is because CDN Functions can only be subscribed to events that occur within a CDN's viewer request cycle.

A CDN Function is associated with one or more CDN distributions, where users have access to the cache behavior and event. The CDN distribution, cache behavior, and event make up the CDN trigger responsible for invoking your CDN Function.

CDN events that can be used to trigger Functions:

  • Viewer Request

    CDN Function is invoked when the CDN receives a request from an end user. Occurs before the CDN checks if the requested data is in its cache.

  • Viewer Response

    CDN Function is invoked when the CDN returns the requested data to the end user. A CDN Function assigned to this event is triggered regardless of whether the data is already present in the CDN's cache.

You can find real-life use case examples of CloudFront Function code in this helpful AWS tutorial.

Service Discovery

A CDN Function cannot reference other resources. However, the following resources can reference a CDN Function and access its ARN as an environment variable when connected by a service discovery (dashed) wire:

  • Function
  • Docker Task

Configurable Properties

Logical ID

The unique identifier used to reference this resource in the stack template. Defining a custom Logical ID is recommended, as it allows you to quickly identify a resource and any associated sub-resources when working with your stack in AWS, or anywhere outside of the Stackery Dashboard. As a project grows, it becomes useful in quickly spotting this resource in template.yaml or while viewing a stack in Template View mode.

The identifier you provide must only contain alphanumeric characters (A-Za-z0-9) and be unique within the stack.

Default Logical ID Example: CdnFunction

IMPORTANT : AWS uses the Logical ID of each resource to coordinate and apply updates to the stack when deployed. On any update of a resource's logical ID (or any modification that results in one), CloudFormation will delete the currently deployed resource and create a new one in its place when the updated stack is deployed.

Code

The source code (in Node.js) for the CDN Function. This is directly embedded in the AWS SAM template like so:

  CdnFunction:
    Type: AWS::CloudFront::Function
    Properties:
      AutoPublish: true
      FunctionCode: |-
        function handler(event)  {
            const response  = event.response;
            const headers  = response.headers;

            if (!headers['access-control-allow-origin']) {
                headers['access-control-allow-origin'] = {value: "*"};
                console.log("Access-Control-Allow-Origin was missing, adding it now.");
            }

            return response;
        }
      FunctionConfig:
        Comment: ''
        Runtime: cloudfront-js-1.0
      Name: !Sub ${AWS::StackName}-CdnFunction

You can find more examples of sample CloudFront Function code in the AWS docs.

Metrics & Logs

All CDN Function logs are aggrergated to the us-east-1 region. To quickly access your CDN Function's logs once it's been deployed, go to the Deployed view of the stack, double-click the CDN Function resource, and click Logs under the Metrics & Logs menu in the panel.

CDN (Content Delivery Network)Database