aws-cfn-custom-resource-lambda-edge
aws-cfn-custom-resource-lambda-edge copied to clipboard
🏗 AWS CloudFormation custom resource that allows deploying Lambda@Edge from any region
aws-cfn-custom-resource-lambda-edge
![CloudFormation custom resource CloudFormation](https://github.com/yvele/aws-cfn-custom-resource-lambda-edge/raw/master/docs/media/cfn-logo.png)
This project provides a
Custom::Resource
for AWS CloudFormation that copies a provided Lambda to theus-east-1
standard region. This is specially useful to deploy Lambda@Edge from other regions than the standard one.
Motivation
- https://github.com/awslabs/serverless-application-model/issues/635
- https://twitter.com/prestomation/status/971256051516485632
Installation
Clone the repository.
Setup your AWS CLI credentials then run the install script that deploys the CloudFormation custom resource and it's dependencies.
Use the --region
parameter to specify where you want your custom resource to be deployed:
./install.sh --region eu-west-1
The script deploys 3 CloudFormation stacks.
Note that the first stack is a prerequisite that deploys an S3 bucket required by CloudFormation to upload local artifacts. If you already have such bucket, you can skip installing it by providing the optional --package-bucket
parameter:
./install.sh --region eu-west-1 --package-bucket my-package-bucket
Usage
With the default execution role
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Resources:
# CloudFront distribution
Distribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: origin-request
LambdaFunctionARN: !GetAtt EdgeOriginRequest.FunctionVersion
# Unused Lambda function only to get `CodeUri` working
EdgeOriginRequestSource:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./src
AutoPublishAlias: live # Required to get `Version` parameter and force publication
# Custom resource to "copy" the Lambda in the standard region (us-east-1)
EdgeOriginRequest:
Type: Custom::LambdaEdge
Properties:
ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
Parameters:
LambdaSourceArn: !Ref EdgeOriginRequestSource.Version
With a custom execution role
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Resources:
# CloudFront distribution
Distribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: origin-request
LambdaFunctionARN: !GetAtt EdgeOriginRequest.FunctionVersion
# Unused Lambda function only to get `CodeUri` working
EdgeOriginRequestSource:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./src
AutoPublishAlias: live # Required to get `Version` parameter and force publication
# Custom resource to "copy" the Lambda in the standard region (us-east-1)
EdgeOriginRequest:
Type: Custom::LambdaEdge
Properties:
ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
Parameters:
LambdaSourceArn: !Ref EdgeOriginRequestSource.Version
LambdaRoleArn: !GetAtt EdgeOriginRequestRole.Arn
# Custom execution role
EdgeOriginRequestRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- lambda.amazonaws.com
- edgelambda.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
Policies:
- PolicyName: CustomPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Resource: "*"
Action: lambda:InvokeFunction
License
Apache 2.0 © Yves Merlicco