Lambda URL CloudFront Cache Policy

The Jets Managed CloudFront Distribution creates a default Cache Policy with simple defaults that work right out of the box. You can customize the Cache Policy if needed.

Default Cache Policy

By default, all methods are allowed.

config/jets/deploy.rb

Jets.deploy.configure do
  config.lambda.url.cloudfront.default_cache_behavior.allow_methods = %w[HEAD DELETE POST GET OPTIONS PUT PATCH]
  # config.lambda.url.cloudfront.default_cache_behavior.properties = {}
end

If you need to adjust DefaultCacheBehavior you can use default_cache_behavior.properties. For the most part, the settings should probably be left to their defaults. If you need to set things like TTL, it’s recommended you set it in the application with response headers.

CloudFront Config Helpers

These helpers look up CloudFront policies. You can use friendly names to look up their IDs.

cloudfront_cache_policy_id(policy_name)
cloudfront_origin_request_policy_id(policy_name)
cloudfront_response_header_policy_id(policy_name)

Example:

Jets.deploy.configure do
  config.lambda.url.cloudfront.enable = true
  config.lambda.url.cloudfront.cert.arn = acm_cert_arn(domain: "example.com", region: "us-east-1")

  # Direct ID assignment
  # config.lambda.url.cloudfront.default_cache_behavior.cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6"
  # config.lambda.url.cloudfront.default_cache_behavior.origin_request_policy_id = "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf"
  # config.lambda.url.cloudfront.default_cache_behavior.response_headers_policy_id = "60669652-455b-4ae9-85a4-c4c02393f86c"
  # Or helpers
  config.lambda.url.cloudfront.default_cache_behavior.cache_policy_id = cloudfront_cache_policy_id("Managed-CachingOptimized")
  config.lambda.url.cloudfront.default_cache_behavior.origin_request_policy_id = cloudfront_origin_request_policy_id("Managed-CORS-S3Origin")
  config.lambda.url.cloudfront.default_cache_behavior.response_headers_policy_id = cloudfront_response_header_policy_id("Managed-SimpleCORS")
end

Note: Jets stores a lookup map to avoid the AWS API call for common policies and only makes an AWS SDK API call to get the policy ID when necessary.

CloudFront CLI Cheatsheet

Here are CLI commands to quickly get a list of available policies.

❯ aws cloudfront list-cache-policies | jq -r '.CachePolicyList.Items[].CachePolicy.CachePolicyConfig.Name'
Managed-Amplify
Managed-CachingDisabled
Managed-CachingOptimized
Managed-CachingOptimizedForUncompressedObjects
Managed-Elemental-MediaPackage
❯ aws cloudfront list-origin-request-policies | jq -r '.OriginRequestPolicyList.Items[].OriginRequestPolicy.OriginRequestPolicyConfig.Name'
Managed-AllViewer
Managed-AllViewerAndCloudFrontHeaders-2022-06
Managed-AllViewerExceptHostHeader
Managed-CORS-CustomOrigin
Managed-CORS-S3Origin
Managed-Elemental-MediaTailor-PersonalizedManifests
Managed-UserAgentRefererHeaders
❯ aws cloudfront list-response-headers-policies | jq -r '.ResponseHeadersPolicyList.Items[].ResponseHeadersPolicy.ResponseHeadersPolicyConfig.Name'
Managed-CORS-and-SecurityHeadersPolicy
Managed-CORS-With-Preflight
Managed-CORS-with-preflight-and-SecurityHeadersPolicy
Managed-SecurityHeadersPolicy
Managed-SimpleCORS

Important: Do not use the Managed-Amplify policy for Lambda Function URLs. It forwards the Host header and Lambda URLs return an error when that happens.

Also, see the AWS docs for these policies.

Forwarded Values

If you need more control over the caching behavior you can use ForwardedValues.

Jets.deploy.configure do
  config.lambda.url.cloudfront.default_cache_behavior.forwarded_values = {
    QueryString: true,
    Cookies: {
      Forward: "none"
    },
    Headers: %w[
      Authorization
      Accept
      Referer
    ]
  }
end

The ForwardedValues setting takes higher precedence than the CachePolicyId setting.

A Jets technical note: when you set ForwardedValues, Jets will remove CachePolicyId and OriginRequestPolicyId from the CloudFormation template. Otherwise, CloudFormation uses the CachePolicyId when both are set.

Note: AWS considers Forwarded Values legacy. You can achieve the same result by creating Custom Managed Policies. The benefit of Custom Managed Policies is that they can be reused. This is particularly useful if you have a manually created CloudFront in front of the Jets Managed one. You can configure both CloudFront Cache Behaviors to use the same policy.
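
The following is an added example, not Jets code: a small Ruby pre-deploy lint that applies the precedence rule above (ForwardedValues drops the two policy settings) and the Host header warning to a cache behavior described as a hash. The hash shape and the names effective_behavior and lint_cache_behavior are assumptions made for illustration; the three accepted AllowedMethods combinations are CloudFront's.

```ruby
# Added example, not Jets source. Hash shape and method names are hypothetical.
require "set"

# The only AllowedMethods combinations CloudFront accepts.
VALID_METHOD_SETS = [
  %w[GET HEAD],
  %w[GET HEAD OPTIONS],
  %w[GET HEAD OPTIONS PUT PATCH POST DELETE]
].map(&:to_set).freeze

# Policies this page says forward Host and so break Lambda Function URLs.
HOST_FORWARDING_POLICIES = %w[Managed-Amplify].freeze

# Mirror the documented rule: when ForwardedValues is set, the cache policy
# and origin request policy are dropped from the effective behavior.
def effective_behavior(cfg)
  return cfg unless cfg[:forwarded_values]
  cfg.reject { |key, _| %i[cache_policy origin_request_policy].include?(key) }
end

# Return a list of human-readable findings; an empty list means no issue found.
def lint_cache_behavior(cfg)
  findings = []
  eff = effective_behavior(cfg)
  dropped = cfg.keys - eff.keys
  findings << "ignored: #{dropped.join(', ')} (ForwardedValues takes precedence)" unless dropped.empty?

  # "*" forwards every viewer header, Host included.
  headers = Array(eff.dig(:forwarded_values, :Headers)).map(&:downcase)
  if headers.include?("host") || headers.include?("*")
    findings << "ForwardedValues forwards Host; Lambda URLs return an error"
  end
  [eff[:cache_policy], eff[:origin_request_policy]].compact.each do |name|
    findings << "#{name} forwards Host; Lambda URLs return an error" if HOST_FORWARDING_POLICIES.include?(name)
  end

  methods = Array(eff[:allow_methods]).to_set
  unless methods.empty? || VALID_METHOD_SETS.include?(methods)
    findings << "allow_methods #{methods.to_a.inspect} is not a combination CloudFront accepts"
  end
  findings
end

# Constructed sample: ForwardedValues forwarding Host next to a policy that gets ignored.
SAMPLE = { cache_policy: "Managed-Amplify",
           forwarded_values: { QueryString: true, Headers: %w[Authorization Host] } }.freeze
puts lint_cache_behavior(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Narrowing allow_methods to %w[GET HEAD] or %w[GET HEAD OPTIONS] for a read-only app passes the lint; any other subset is reported before CloudFormation rejects it.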