0

I am trying to set up an event trigger Lambda@Edge function from CloudFront.

This function needs to access the database and replace the URL's metadata before distributing out to users.

Issues I am facing:

  • My DocumentDB is placed in a VPC private subnet. It can't be accessed from outside the VPC.
  • My Lambda@Edge function can't connect to my VPC since they are in different regions.

The method I had in mind is to create an API in my web server (public subnet) for my Lambda function to call, but this doesn't seem like a very efficient method.

Appreciate it if you can give me some advice or an alternative way for implementation.

Thanks in advance

Jackal

2 Answers

0

Lambda@Edge has a few limitations you can read about here. Among them is:

  • You can’t configure your Lambda function to access resources inside your VPC.

That means the VPC being in another region is not your problem; you just can't place a Lambda@Edge function in any VPC.

The only solution I can think of is making your DocumentDB available publicly on the internet, which doesn't seem like a great idea. You might be able to create a security group that only allows access from the CloudFront IP-Ranges although I couldn't find out if Lambda@Edge actually uses the same ranges :/

Generally I'd avoid putting too much business logic in Lambda@Edge functions - keep in mind they're run on every request (or at the very least every request to the origin) and increase the latency for these requests. Particularly network requests are expensive in terms of time, more so if you communicate across continents to your primary region with the database.

If the information you need to update the URL's metadata is fairly static, I'd try to serialize it and distribute it in the Lambda package - reading from local storage is considerably cheaper and faster.

Maurice
  • Thanks for the advice. But I can't find an alternative way for serving dynamic metadata – Jackal Jan 14 '21 at 07:57
  • Can you elaborate on your use case? – Maurice Jan 14 '21 at 08:07
  • Each user has a unique URL, and this URL is to be shared through social media, e.g. WhatsApp, Facebook. The URL includes a productID. With this productID, I want to be able to query the DB and replace the root index.html's metadata, e.g. title, description – Jackal Jan 14 '21 at 08:22
  • Is that not something your web application in the backend can handle or is it a single page application? – Maurice Jan 14 '21 at 08:25
  • it is a single page application. I am using Angular in the frontend and NodeJs in the backend – Jackal Jan 14 '21 at 08:26
  • Getting that info client-side from an API is not an option? – Maurice Jan 14 '21 at 08:28
  • The API will only be triggered when users click on the link. – Jackal Jan 14 '21 at 08:34
  • and precisely I need the info on preview-mode when shared. – Jackal Jan 14 '21 at 08:37
  • Ah, I see - you might want to consider moving that data to DynamoDB, it's much easier to expose that safely to other AWS services. – Maurice Jan 14 '21 at 09:01
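
The suggestion in the answer above to bundle fairly static metadata with the function, sketched as a viewer-request handler that answers link-preview fetchers from the edge and never touches the VPC. This is an added example, not code from the post or from AWS; the `/product/<productId>` URL shape, the sample record, the bot pattern and the `route`/`renderPreview` helpers are assumptions.

```javascript
// Constructed sample data. In a deployment this would be a JSON file bundled
// in the function package and redeployed when products change (assumption).
const METADATA = new Map([
  ['p-1001', { title: 'Blue "Classic" Mug', description: 'Holds 350 ml <dishwasher safe>' }],
]);

// Assumed URL shape: /product/<productId>. The ID is request-controlled, so
// accept only a narrow character set before using it as a lookup key.
const PRODUCT_PATH = /^\/product\/([A-Za-z0-9-]{1,32})$/;
// Link-preview fetchers of the platforms named in the question.
const PREVIEW_BOT = /facebookexternalhit|WhatsApp/i;

// Escape values before placing them in HTML text or attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
}

function renderPreview(meta) {
  const t = escapeHtml(meta.title);
  const d = escapeHtml(meta.description);
  return `<!doctype html><html><head><meta charset="utf-8"><title>${t}</title>` +
    `<meta property="og:title" content="${t}">` +
    `<meta property="og:description" content="${d}"></head><body></body></html>`;
}

// Returning the request forwards it unchanged to the SPA; returning a
// response object makes CloudFront answer from the edge.
function route(request) {
  const ua = (request.headers['user-agent'] || [{ value: '' }])[0].value;
  const match = PRODUCT_PATH.exec(request.uri);
  const meta = match && METADATA.get(match[1]); // Map: no prototype keys
  if (!PREVIEW_BOT.test(ua) || !meta) return request;
  return {
    status: '200',
    statusDescription: 'OK',
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }],
      'cache-control': [{ key: 'Cache-Control', value: 'max-age=300' }],
    },
    body: renderPreview(meta),
  };
}

// Lambda@Edge entry point for the viewer-request trigger.
async function handler(event) {
  return route(event.Records[0].cf.request);
}
if (typeof module !== 'undefined') module.exports = { handler };
```

Unknown or malformed product IDs and ordinary browsers fall through to the single page application unchanged, so the edge function only ever emits HTML built from escaped, bundled values.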
0

You can create a VPC endpoint to access private resources. This is for example possible for an RDS. Not sure it is yet supported for DocumentDB.