Skip to content


Repository files navigation

Note: please first test your app with our quick and simple all-in-one solution here: before going through this Lambda@Edge+CloudFront setup process. Once that's debugged and working the way you want it, come back here to configure Lambda@Edge+CloudFront. This will save you hours of headache because debugging/iterating with Cloudfront/Lambda/S3 is slow.

Pre-render CloudFront (via AWS Lambda@Edge)

Github Actions CI

4-minute YouTube video walk-through (2022-04-25 update: AWS UI/UX has slightly changed since video but the video is still accurate):

4min how-to set up lambda@edge for pre-rendering

Server-side rendering (pre-rendering) via Lambda@Edge for single-page apps hosted on CloudFront with an s3 origin. It forwards requests to to be pre-rendered using a headless Chrome browser.

This is a serverless project with a make deploy command that:

  1. serverless.yml deploys 3 functions to Lambda (viewerRequest, originRequest, originResponse)
  2. deploy.js associates them with your CloudFront distribution
  3. create-invalidation.js clears/invalidates your CloudFront cache

Read more:

1. Prerequisites

  1. S3 bucket with index.html and JavaScript files
  2. CloudFront distribution pointing to that S3 bucket (that also has * read access to that bucket)

Start with a new test bucket and CloudFront distribution before modifying your production account:

(it'll be quick because you'll be using the defaults with just 1 exception)

  • S3 bucket in us-east-1 with default config (doesn't need to be public and doesn't need static web hosting)
    • yes, us-east-1 makes things easier (using any other region will require a URL change for your CloudFront origin)
  • CloudFront distribution with S3 origin with default config except:

That's all you need. Now just wait a few minutes for the CloudFront DNS to propogate.

Note, you will not be creating a CloudFront "custom error response" that redirects 404s to index.html, and if you already have one, then remove it - because this project uploads a Lambda@Edge function that replaces that functionality (if you don't remove it, this project won't work).

2. Clone this repo

$ git clone

3. Install Dependencies

Node v14, and npm

$ npm install

4. Hardcode your auth token

Edit handler.js and set your API token (cmd+f for prerenderToken)

note: was previously known as (rebranded 2022-05-01)

5. Edit any other configs (optional)

e.g. botsOnly, removeTrailingSlash in handler.js

6. Remove CloudFront custom error response for 404->index.html

(this step is only necessary if you are using an existing CloudFront distribution)

If you're using an existing CloudFront distribution, you need to remove this feature.

It has to be removed because it prevents the execution of the viewer-request function. This project replicates that functionality (see caveats)

  1. go here:
  2. click on your CloudFront distribution
  3. click the "error pages" tab
  4. make note of the TTL settings (in case you need to re-create it)
  5. and delete the custom error response (because having the custom error response prevents the viewer-request function from executing).

7. Add s3:ListBucket permission to CloudFront user

(this step is only necessary if you want 404s to work)

Since we can't use the "custom error response", and we're implementing it ourselves, this permission is neccessary for CloudFront+Lambda@Edge to return a 404 for a requested file that doesn't exist (only non HTML files will return 404, see caveats below). If you don't add this, you'll get 403 forbidden instead.

  1. go to s3 console
  2. click on the bucket you created in step 1 for this project
  3. click "permissions"
  4. click "bucket policy"
  5. modify the Action and Resource to each be an array, they should look like (change the bucket name in resource as appropriate):
"Action": [
"Resource": [

If you're not editing an IAM policy specifically, the UI/UX checkbox for this in the S3 interface is, for the bucket, under the "Permissions" tab, "List Objects"

You can modify the content of the 404 page in handler.js

8. Lambda@Edge function Deployment (only needs to be done once, or whenever you git pull from this repo)

  1. Make sure there's a "default" section in your ~/.aws/credentials file with aws_access_key_id/aws_secret_access_key that have any of the following permissions: (full root, or see serverless discussion or you can use the following policies, which are almost root: [AWSLambdaFullAccess, AwsElasticBeanstalkFullAccess])
  2. now run: $ CLOUDFRONT_DISTRIBUTION_ID=whateverYourDistributionIdIs make deploy
  3. See the created Lambda function in Lambda:
  4. See the created Lambda function in CloudFront: (refresh it, click your distribution, then the behaviors tab, then the checkbox + edit button for the first item in the list, then scroll to bottom of that page to see "Lambda Function Associations")

9. Deployment (of your single-page application)

  1. sync/push the files to s3
  2. invalidate CloudFront
  3. you're done (no need to deploy the Lambda@Edge function after this initial setup)

caveat: note that has a 5-minute server cache that you can disable, see disableServerCache in handler.js

10. You're done!

Visit a URL associated with your CloudFront distribution. It will take a few seconds for the first request (because it is pre-rendered on the first request). If for some reason the pre-render request fails or times out, the non-pre-rendered request will be cached.

Viewing AWS Logs in CloudWatch

See logs in CloudWatch in region closest to where you made the request from (although the function is deployed to us-east-1, it is replicated in all regions).

To view logs from command line:

  1. use an AWS account with CloudWatchLogsReadOnlyAccess
  2. $ pip install awslogs ( )
    • AWS_REGION=us-west-2 awslogs get -s '1h' /aws/lambda/us-east-1.Lambda-Edge-Prerendercloud-dev-viewerRequest
    • AWS_REGION=us-west-2 awslogs get -s '1h' /aws/lambda/us-east-1.Lambda-Edge-Prerendercloud-dev-originRequest
    • (change AWS_REGION to whatever region is closest to where you physically are since that's where the logs will be)
    • (FYI, for some reason, San Francisco based requests are ending up in us-west-2)

Viewing logs

Sign in to web app and you'll see the last few requests made for your API key.


$ make destroy will attempt to remove the Lambda@Edge functions - but as of Nov 2017, AWS still doesn't allow deleting "replicated functions" - in which case, just unnassociate them from your CloudFront distribution until delete functionality works.

This also means if you attempt to delete and recreate the functions, it will fail - so you'll need to change the name in serverless.yml and deploy.js (just append a v2)

You can also sign into AWS and go to CloudFormation and manually remove things.


  1. If you can't tolerate a slow first request (where subsequent requests are served from cache in CloudFront):
    • crawl before invalidating the CloudFront distrubtion - just hit all of the URLs with and configure a prerender-cache-duration of something longer than the default of 5 minutes (300) - like 1 week (604800).
  2. This solution will serve index.html in place of something like /some-special-file.html even if /some-special-file.html exists on your origin
    • We're waiting for the Lambda@Edge to add a feature to address this
    • in the meantime use the blacklistPaths option (see handler.js)
  3. Redirects (301/302 status codes)
    • if you use <meta name="prerender-status-code" content="301"> to initiate a redirect, your CloudFront TTL must be zero, otherwise CloudFront will cache the body/response and return status code 200 with the body from the redirected path

Updating Node.js runtime

Simply update serverless.yaml to the latest or whatever you prefer and re-deploy: make deploy


  • Read through the console output from the make deploy command and look for errors
  • Check your user-agent if using botsOnly
  • Sometimes (rarely) you'll see an error message on the webpage itself.
  • Check the AWS logs (see section "Viewing AWS Logs in CloudWatch")
  • Check logs (see section "Viewing logs")
  • Sometimes (rarely) there's an actual problem with AWS Lambda and you may just need to re-deploy


Pre-render CloudFront with this Lambda@Edge function. Powered by (formerly named from 2016 - 2022)








No releases published


No packages published