Lambda URL CloudFront Distribution
You can put a CloudFront Distribution in of the Lambda Function URL to provide a user-friendly URL endpoint instead of the random endpoint, IE: https://svf6lbpjbdj73voyfzmpexstau0ygxxh.lambda-url.us-west-2.on.aws
Enabling
To enable the Lambda URL CloudFront feature:
config/jets/deploy.rb
Jets.deploy.configure do
config.lambda.url.cloudfront.enable = true
config.lambda.url.cloudfront.cert.arn = acm_cert_arn(domain: "example.com", region: "us-east-1")
config.lambda.url.cloudfront.route53.enable = true
end
The ACM cert must already exist. It must also be in region us-east-1 since CloudFront operates out of that region.
The acm_cert_arn helper method looks up the ARN with the domain name. You can also hard-code the ARN. Example:
Jets.deploy.configure do
# ...
config.lambda.url.cloudfront.cert.arn = "arn:aws:acm:us-east-1:112233445566:certificate/14621e4a-00e9-422a-adec-935a8EXAMPLE"
end
The acm_cert_arn helper method make the config more human-readable and friendly.
Aliases
You can set aliases with a config.
config/jets/deploy.rb
Jets.deploy.configure do
config.lambda.url.cloudfront.enable = true
config.lambda.url.cloudfront.cert.arn = acm_cert_arn(domain: "example.com", region: "us-east-1")
config.lambda.url.cloudfront.aliases = [
"name1.example.com",
"name2.example.com"
]
end
This overrides the conventional aliases.
Conventional Aliases
Jets will create some conventional aliases when not set explicitly. For example, here’s a conventional demo-dev.example.com Cloudfront alias.
JETS_ENV=dev jets deploy => demo-dev.example.com
JETS_ENV=prod jets deploy => demo-prod.example.com
JETS_EXTRA=beta jets deploy => demo-dev-beta.example.com
JETS_EXTRA=2 jets deploy => demo-dev-2.example.com
Related
- CloudFront Assets Distribution: Jets can create a CloudFront distribution and automatically configure it for assets that get precompiled to the
public/assetsfolder byrails assets:precompile. - CloudFront Lambda Distribution: Jets can create a CloudFront distribution and automatically configure it in front of the deployed controller Lambda Function.
- CloudFront Uploads Distribution: Jets can create a CloudFront distribution and automatically configure it for files like your ActiveStorage uploads.
Reference
The table below covers each setting. Each option is configured with config.OPTION. The config. portion is not shown for conciseness. IE: logger.level vs config.logger.level.
| Name | Default | Description |
|---|---|---|
| lambda.url.cloudfront.cert.arn | nil | ACM Cert ARN. Required when using lambda.url.cloudfront.enable = true. Must be in us-east-1 since it’s for CloudFront. This helper method is useful: acm_cert_arn(domain: "example.com", region: "us-east-1") |
| lambda.url.cloudfront.cert.minimum_protocol_version | TLSv1.2_2021 | The TLSv1.2_2021 has been the Cloudfront console default as of 12/24/23. |
| lambda.url.cloudfront.cert.ssl_support_method | sni-only | The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI. |
| lambda.url.cloudfront.default_cache_behavior.allow_methods | %w[HEAD DELETE POST GET OPTIONS PUT PATCH] | Allow methods for the distribution. |
| lambda.url.cloudfront.default_cache_behavior.properties | {} | Default cache behavior properties to merge. Allows overriding the propertes in a general way. |
| lambda.url.cloudfront.default_cache_behavior.viewer_protocol_policy | redirect-to-https | How CloudFront should handle http requests. The default is to redirect http to https. IE: A https upgrade. |
| lambda.url.cloudfront.route53.comment | “Jets managed CloudFront distribution DNS record” | Route53 Record comment. |
| lambda.url.cloudfront.route53.enable | false | Enables creation of the Route53 DNS Records that match the CloudFront aliases. |
| lambda.url.cloudfront.route53.hosted_zone_id | nil | Route53 Hosted Zone ID. This takes higher precedence over hosted_zone_name. |
| lambda.url.cloudfront.route53.hosted_zone_name | nil | Route53 Hosted Zone ID. Allows you to specify the config in a human-readable way. Note route53.domain also works as a convenience. |
| lambda.url.cloudfront.route53.properties | {} | Route53 DNS record properties to merge. Allows overriding the propertes in a general way. |
| lambda.url.cloudfront.route53.ttl | 60 | Route53 DNS TTL. This is only used when lambda.url.cloudfront.route53.use_alias = false and a CNAME is created instead. |
| lambda.url.cloudfront.route53.use_alias | true | Use an A Record with the “Alias” Route53 feature. This allows APEX domains to work with CloudFront distributions. |
| lambda.url.cloudfront.enable | false | Enables CloudFront Distribution in front of the Lambda URL. See: Lambda URL CloudFront Distribution |
| lambda.url.cloudfront.http_version | http2 | HTTP version that you want viewers to use to communicate with CloudFront. |
| lambda.url.cloudfront.ipv6_enabled | true | Enables IPV6 also for CloudFront. |
| lambda.url.cloudfront.origin.custom_origin_config | { HTTPSPort: 443, OriginProtocolPolicy: “https-only” } | Custom origin config. |
| lambda.url.cloudfront.origin.properties | {} | Origin properties to merge. Allows overriding the propertes in a general way. |
| lambda.url.cloudfront.origin.viewer_protocol_policy | redirect-to-https | How CloudFront should handle http requests. The default is to redirect http to https. IE: A https upgrade. |
| lambda.url.cloudfront.price_class | PriceClass_100 | Price class you want to pay for CloudFront. There’s PriceClass_100, PriceClass_200, PriceClass_All. Note, since the lower price classes use less regions, they deploy faster. |
| lambda.url.cloudfront.properties | {} | Properties to merge and override CloudFront Distribution |
| lambda.url.enable | true | Enables Lambda Function URL for the Controller Lambda Function. |