
aws-samples/sample-lambda-edge-routing

Lambda@Edge Traffic Routing with CDK

A CDK application that implements intelligent traffic routing using Lambda@Edge functions, DynamoDB global tables, and CloudFront distribution with comprehensive security and monitoring.

Architecture

  • DynamoDB Global Tables: User routing data replicated across regions
  • Lambda@Edge Functions: Traffic routing and region setting at edge locations
  • CloudFront Distribution: Global content delivery with WAF protection
  • AWS Config: Continuous compliance monitoring
  • S3 Buckets: Access logs and configuration storage
  • CDK Nag: Security and compliance validation

Prerequisites

  • Python 3.12+
  • AWS CDK CLI
  • AWS CLI configured with appropriate permissions
  • Lambda function code in lambda_code/ directories

Installation

  1. Install dependencies:
pip install -r requirements.txt
  2. Bootstrap CDK (if not done previously):
cdk bootstrap

Deployment

  1. Set the origin endpoint via context and deploy:
cdk deploy --context endpoint=your-origin-domain.com
  2. Deploy with a custom suffix (for testing, so resource names do not collide with an existing deployment):
cdk deploy --context endpoint=example.com --context suffix=_test
  3. Synthesize without deploying:
cdk synth --context endpoint=example.com

Project Structure

├── app.py                    # CDK app entry point
├── lambdaEdgeCDK.py         # Main stack definition
├── lambda_code/
│   ├── routeTraffic/        # Origin request Lambda@Edge
│   └── setRegion/           # Origin response Lambda@Edge
├── requirements.txt         # Python dependencies
└── generate_nag_report.py   # Report generation

Stack Components

DynamoDB Tables

  • user_ids: User routing configuration
  • app_config: Application settings
  • Global replication to us-west-2 and eu-west-1
  • Point-in-time recovery enabled

Lambda@Edge Functions

  • routeTraffic: Origin request handler
  • setRegion: Origin response handler
  • Python 3.12 runtime
  • Least privilege IAM roles

CloudFront Distribution

  • HTTPS-only origin protocol
  • Custom cache and origin request policies
  • WAF protection with AWS managed rules
  • Access logging to S3
  • TLS 1.2 minimum protocol

Security Features

  • AWS WAF with common rule set
  • S3 bucket encryption
  • IAM least privilege access
  • CloudTrail data events (data-plane API activity)
  • AWS Config compliance monitoring

Configuration

Required Context Variables

  • endpoint: Origin domain (required)
  • suffix: Resource name suffix (optional, for testing)

Cleanup

cdk destroy --context endpoint=example.com
make clean  # Remove generated files

Development

Adding Lambda Code

  1. Create function directories under lambda_code/
  2. Add index.py with handler function
  3. Update stack to reference new functions
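The stack's two handlers (routeTraffic on origin-request, setRegion on origin-response, see Lambda@Edge Functions above) are not shown in this README, so the following is an added example of what an index.py for each could look like; it is illustrative code, not the repository's lambda_code. The table contents, the cookie names `user_id` and `region`, the hop header `x-routed-region`, the origin domains, and the event builders are all constructed assumptions. The DynamoDB read is replaced by a dict lookup so the file runs offline; a real handler would query the user_ids table with boto3 through the function's execution role (Lambda@Edge has no environment variables, so table names must be baked in or derived at runtime).

```python
"""Added example: sketches of the routeTraffic and setRegion Lambda@Edge handlers.
Constructed for illustration; not the repository's own lambda_code."""
import copy
from http.cookies import CookieError, SimpleCookie

# Stand-ins for the user_ids table (user -> home region) and the app_config
# table (region -> origin domain). Real handlers read these with boto3 and
# cache per container; here they are dicts so the module runs offline.
USER_REGIONS = {"u-1001": "us-west-2", "u-2002": "eu-west-1"}
REGION_ORIGINS = {
    "us-west-2": "origin-usw2.example.com",
    "eu-west-1": "origin-euw1.example.com",
}
USER_COOKIE = "user_id"            # identifies the caller (assumed cookie name)
REGION_COOKIE = "region"           # pinned by setRegion on the first response
REGION_HEADER = "x-routed-region"  # hypothetical hop from origin-request to origin-response


def _cookie_value(headers, name):
    """Read cookie `name` from CloudFront's lowercase-keyed header map, or None."""
    for entry in headers.get("cookie", []):
        jar = SimpleCookie()
        try:
            jar.load(entry["value"])
        except CookieError:
            continue  # malformed Cookie header: treat as absent
        if name in jar:
            return jar[name].value
    return None


def route_traffic(event, lookup=USER_REGIONS.get):
    """Origin-request handler: send the request to the caller's home region."""
    request = copy.deepcopy(event["Records"][0]["cf"]["request"])
    headers = request["headers"]
    headers.pop(REGION_HEADER, None)  # never trust a client-supplied copy of the hop header
    # A pinned region cookie is honoured only if it names an allowlisted region,
    # so a client can at most pick among regions the stack already serves.
    region = _cookie_value(headers, REGION_COOKIE)
    if region not in REGION_ORIGINS:
        region = lookup(_cookie_value(headers, USER_COOKIE) or "")
    origin = REGION_ORIGINS.get(region)
    if origin is None:
        return request  # unknown user or region: fall through to the default origin
    request["origin"]["custom"]["domainName"] = origin
    # For custom origins the Host header must match the new origin domain.
    headers["host"] = [{"key": "Host", "value": origin}]
    headers[REGION_HEADER] = [{"key": REGION_HEADER, "value": region}]
    return request


def set_region(event):
    """Origin-response handler: pin the routed region in a hardened cookie."""
    cf = event["Records"][0]["cf"]
    response = copy.deepcopy(cf["response"])
    hop = cf["request"]["headers"].get(REGION_HEADER)
    region = hop[0]["value"] if hop else None
    if region not in REGION_ORIGINS:
        return response  # nothing was routed, or the value is not one we serve
    response["headers"].setdefault("set-cookie", []).append({
        "key": "Set-Cookie",
        "value": f"{REGION_COOKIE}={region}; Path=/; Secure; HttpOnly; SameSite=Lax",
    })
    return response


def handler(event, context=None):
    """Entry point: dispatch on the CloudFront event type."""
    kind = event["Records"][0]["cf"]["config"]["eventType"]
    return route_traffic(event) if kind == "origin-request" else set_region(event)


def make_origin_request_event(cookie=None):
    """Constructed minimal origin-request event in the shape CloudFront sends."""
    headers = {"host": [{"key": "Host", "value": "default.example.com"}]}
    if cookie:
        headers["cookie"] = [{"key": "Cookie", "value": cookie}]
    return {"Records": [{"cf": {
        "config": {"eventType": "origin-request"},
        "request": {"method": "GET", "uri": "/", "querystring": "", "headers": headers,
                    "origin": {"custom": {"domainName": "default.example.com",
                                          "port": 443, "protocol": "https", "path": ""}}}}}]}


def make_origin_response_event(request):
    """Constructed origin-response event wrapping the request as sent to the origin."""
    return {"Records": [{"cf": {
        "config": {"eventType": "origin-response"}, "request": request,
        "response": {"status": "200", "statusDescription": "OK", "headers": {}}}}]}


if __name__ == "__main__":
    req = route_traffic(make_origin_request_event("user_id=u-2002; theme=dark"))
    print(req["origin"]["custom"]["domainName"])  # origin-euw1.example.com
    print(set_region(make_origin_response_event(req))["headers"]["set-cookie"][0]["value"])
```

Two deployment details matter for this to work at all: the `Cookie` header only reaches the origin-request function if the distribution's origin request policy forwards it (which is why the stack ships custom cache and origin request policies), and Lambda@Edge functions must be deployed in us-east-1 as a published version, which CDK handles when the stack references them. The handler deliberately strips any inbound `x-routed-region` header before routing, so a client cannot forge the region that setRegion later pins, and both handlers validate the region against the allowlist before acting on it.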

Modifying Security Rules

  1. Update suppressions in app.py
  2. Run make nag-test to validate
  3. Review generated reports

Monitoring

  • CloudWatch: Lambda execution metrics
  • WAF: Request filtering and blocking
  • S3 Access Logs: Request analysis
  • AWS Config: Resource compliance
  • CDK Nag Reports: Security validation

Troubleshooting

  • Ensure Lambda code exists in lambda_code/ directories
  • Verify AWS credentials and permissions
  • Check CDK bootstrap status
  • Review CloudFormation events for deployment issues
