Attend this session to dive deeper into AWS's content delivery service, Amazon CloudFront. Learn how you can use CloudFront to accelerate the delivery of your APIs or applications, including content that cannot be cached, to global clients. We'll also walk you through how you can use Lambda@Edge, which gives you the ability to execute custom code inline with your CloudFront events to customize applications. With Lambda@Edge, you can now generate custom responses right at the edge, allowing you to leverage CloudFront to reduce end-to-end latency and more efficiently filter traffic to your back-end origin servers. We'll walk you through Lambda@Edge use cases and walk through a demo to show how this works.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Alec Peterson, GM Amazon CloudFront
July 27, 2017
Deep Dive on Accelerating Content,
APIs, and Applications with Amazon
CloudFront and Lambda@Edge

2. What to expect from this session
• Amazon CloudFront and AWS Lambda
• Lambda@Edge
• Getting started with Lambda@Edge

3. AWS Core Services
Compute
Storage
Database
Edge
Edge Services: A core infrastructure component
Users can access
application
resources directly
Customer
Application
Edge services include
CloudFront, Route 53,
AWS WAF, AWS Shield,
AWS Elemental

4. AWS Core Services
Edge Services: A core infrastructure component
Users can access application resources
through the Edge to secure, scale, and
optimize applications
Compute
Storage
Database
Edge
Customer
Application
AND/OR

5. Edge: AWS global network of
points of presence (POPs) on the
backbone of the Internet –
Amazon CloudFront

6. 79 Edge locations
11 regional Edge caches
48 cities
21 countries
5 continents
79 Edge locations + 11 regional Edge caches

7. CloudFront: Global content delivery network
 Accelerate your application and APIs
 Include static content such as images and video
 Massively scalable
 Highly secure
 Self-service
 Priced to minimize cost

8. Dynamic
Static
Video
User
input
SSL/TLS
CloudFront delivers ALL types of content

9. Without having to change your backend…
ALB/ELB
Dynamic content
Amazon EC2
Static content
Amazon S3 Custom origin
OR
OR
Custom origin
Amazon CloudFront
example.com
*.jpg
*.php

10. AWS Lambda: Serverless
Computing

11. Traditional programming model
• A persistent process that
processes events
• Handles message queue and
network connections
• Code includes ‘event handling’
AND logic to process the event
• Developer manages server
infrastructure for application
• Developer owns forecasting
demand and scaling
• Revolves around an event
source
• E.g., CloudFront request
or Amazon S3 PUT
• Your code is only the event
handling code itself
• No servers to manage
• Scaling is all managed by
AWS
Serverless programming model

12. AWS Lambda: Serverless computing
Run code without servers. Pay only for the compute time you consume. Be happy.
Triggered by events or called from APIs:
• PUT to an Amazon S3 bucket
• Updates to Amazon DynamoDB table
• Call to an Amazon API Gateway endpoint
• Mobile app backend call
• CloudFront requests
• And many more…
Makes it easy to:
• Perform real-time data processing
• Build scalable backend services
• Glue and choreograph systems

13. Benefits of AWS Lambda
Continuous
scaling
No servers to
manage
Never pay for idle
– no cold servers
(only happy
accountants)

14. Lambda programming model – sync vs. async
• Synchronous
• Execution is serialized with the requesting event
• End viewer can depend on function execution –
the result of the execution may be used to
influence the requesting event
• All existing Lambda@Edge events are
synchronous
• Asynchronous
• Execution is parallelized with the requesting event
• The result of the Lambda execution may not be
used to influence the requesting event
• E.g., batch processing of logs and responding to
an Amazon S3 object PUT

15. AWS Lambda@Edge:
Serverless Edge Computing

16. Introducing Lambda@Edge
• Lambda@Edge is an extension of AWS Lambda that allows you to run
Node.js code at global AWS locations
• Bring your own code to the Edge and customize your content very close to
your users, improving end-user experience
Continuous
scaling
No servers
to manage
Never pay for idle
– no cold servers
Globally
distributed

17. CloudFront triggers for Lambda@Edge
functions

18. CloudFront triggers for Lambda@Edge
functions
CloudFront cache
End user
Origin
server
Viewer request Origin request
Origin responseViewer response

19. Lambda@Edge events
• All Lambda@Edge invocations are synchronous
• Request events
• URI and header modifications can change the object being requested
• Viewer request can change the object being requested from the CloudFront
cache and the origin
• Origin request can change the object or path pattern being requested from the
origin
• Response events
• Origin response can modify what is cached and generate cacheable responses
to be returned to the viewer
• Viewer response can change what is returned to the viewer
CloudFront
cache
End user Origin
server
Viewer request Origin request
Origin responseViewer response

20. Write once, run everywhere
AWS
Location
AWS
Location
AWS
Location
AWS
Location
Origin server
AWS
Location

21. Lambda@Edge functionality
• Read and write access to headers, URIs, and
cookies across all triggers
• Ability to generate custom responses from
scratch
• Access to make network calls to external
resources on origin-facing hooks

22. Lambda@Edge event structure
{
"Records": [ {
"cf": {
"config": {
"distributionId": "EDFDVBD6EXAMPLE"
},
"request": {
"clientIp": "2001:0db8:85a3:0:0:8a2e:0370:7334",
"method": "GET",
"uri": "/picture.jpg",
"headers": {
"host": [ {
"key": "Host",
"value": "d111111abcdef8.cloudfront.net"
} ],
"user-agent": [ {
"key": "User-Agent",
"value": "curl/7.51.0"
} ]
}
}
]
}
Request and distribution
information
Event data – headers,
clientIP, user agent

23. Lambda@Edge function structure
'use strict';
exports.handler = (event, context, callback) => {
const request = event.Records[0].cf.request;
// No-op
callback(null, request);
return;
}

24. So, what can I do with
Lambda@Edge?

25. Highly personalized websites
• Redirect viewers to the optimal
experience based on their location,
language preferences, and device type

26. Highly personalized websites – how?
• Trigger: Viewer request
• Inputs
• Requested URL
• Device type (i.e., User-Agent)
• Existing session data
• Output
• Generate a response directly from Lambda@Edge,
specifically a redirect to the most relevant experience (e.g. ,
cropped images and mobile sites for mobile users)

27. Pretty URLs
• Rewrite the URL end user's request
to serve content without exposing
your team’s internal directory
structure and organization
• Provide customized experiences
without compromising consistency in
what your viewers see

28. Pretty URLs – how?
• Trigger: Origin request
• Inputs
• URL requested
• Outputs
• Rewrite the requested URL, which will be passed to the origin
• The response will be cached based on what the customer
requested to serve subsequent requests (i.e., the pretty URL)

29. Authorization at the Edge
• Inspect cookies or custom headers to
authenticate clients right at the edge
• Enforce paywalls at the Edge to gate
access to premium content to only
authenticated viewers

30. Authorization at the Edge – how?
• Trigger: Viewer request
• Prerequisites
• The customer must have previously authenticated against your authoritative
service, resulting in some sort of authorization credential. Typically this is a
cookie.
• Inputs
• URL
• Authorization credential (cookie)
• Outputs
• Allow the request to succeed if the request is authorized. If not, either return
a 403 response or redirect to an authentication page

31. A/B testing
• ‘Flip a coin’ to select a
version of content
displayed to each user
on an asset level
• Set cookies to ensure
that users continue to
see the right versions
of content

32. A/B testing – how?
• Trigger: Viewer request
• Inputs
• URL
• Cookies
• Outputs
• If the A/B testing cookie is set, rewrite the requested URI to
be the correct content version
• If it is not set, flip a coin and set the cookie accordingly.

33. Limited access to content
• Enforce timed access to content
at the edge
• Make a call to an external
authentication server to confirm
if a user’s session is still valid
• Forward valid requests to the
origin, and serve redirects to
new users to login pages

34. Limited content access – How?
• Trigger: Origin request
• Inputs
• URL/cookies
• Access to external user-tracking database
• Outputs
• If a customer requests content for specific URLs or with
specific cookies, make a request to the external server to
confirm session validity.
• Based on response from external server, serve content, or
redirect to a login page.

35. Response generation at the Edge
Generate an HTTP response to end
user requests arriving at AWS locations:
• Generate customized error pages
and static websites directly from Edge
locations
• Combine content drawn from multiple
external resources to dynamically
build websites at the Edge

36. Response generation – how?
• Viewer or origin request event
• Inputs
• URI
• Headers
• Outputs
• Custom response based on URI and headers

37. Let’s see it in action
Demo Time!

38. Lambda@Edge: Getting Started

39. Lambda@Edge pricing
Just as with Lambda today, Lambda@Edge is priced on two
dimensions:
• $0.60 / million function executions
• $0.0225 per hour of execution duration (128 MB per function, metered at
50ms granularity)
For example - 10 million executions, 50ms each time
• Total charges = Compute charges (10M * 0.05 sec * ($0.0225 / 3600) =
$3.13) + Request charges (10M * $0.6/M = $6.00) = $3.13 + $6.00 = $9.13
per month

40. Recap – using Lambda@Edge
Bring your own code
• Self-service through the
Lambda console
Familiar programming
model
• Standard Node.js-6.10
Write once, run everywhere
• Automatically deployed to the AWS network
of 79 Edge locations
• Requests are routed to the locations closest
to your end users across the world
Functionalities:
- Modify response header
- CloudFront response generation
- CloudFront HTTP redirect
- A/B testing
Benefits:
- Simple remote call at origin-facing hooks
- Cacheable static content generation
- Content generation with remote calls

41. Lambda@Edge – let’s get started
• Sign up: https://aws.amazon.com/lambda/edge

42. Thank you!

43. Remember to complete
your evaluations!