This project provides a
Custom::Resource
for AWS CloudFormation that copies a provided Lambda to theus-east-1
standard region. This is specially useful to deploy Lambda@Edge from other regions than the standard one.
Clone the repository.
Setup your AWS CLI credentials then run the install script that deploys the CloudFormation custom resource and it's dependencies.
Use the --region
parameter to specify where you want your custom resource to be deployed:
./install.sh --region eu-west-1
The script deploys 3 CloudFormation stacks.
Note that the first stack is a prerequisite that deploys an S3 bucket required by CloudFormation to upload local artifacts. If you already have such bucket, you can skip installing it by providing the optional --package-bucket
parameter:
./install.sh --region eu-west-1 --package-bucket my-package-bucket
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Resources:
# CloudFront distribution
Distribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: origin-request
LambdaFunctionARN: !GetAtt EdgeOriginRequest.FunctionVersion
# Unused Lambda function only to get `CodeUri` working
EdgeOriginRequestSource:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./src
AutoPublishAlias: live # Required to get `Version` parameter and force publication
# Custom resource to "copy" the Lambda in the standard region (us-east-1)
EdgeOriginRequest:
Type: Custom::LambdaEdge
Properties:
ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
Parameters:
LambdaSourceArn: !Ref EdgeOriginRequestSource.Version
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Resources:
# CloudFront distribution
Distribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: origin-request
LambdaFunctionARN: !GetAtt EdgeOriginRequest.FunctionVersion
# Unused Lambda function only to get `CodeUri` working
EdgeOriginRequestSource:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./src
AutoPublishAlias: live # Required to get `Version` parameter and force publication
# Custom resource to "copy" the Lambda in the standard region (us-east-1)
EdgeOriginRequest:
Type: Custom::LambdaEdge
Properties:
ServiceToken: !ImportValue CustomResourceLambdaEdgeServiceToken
Parameters:
LambdaSourceArn: !Ref EdgeOriginRequestSource.Version
LambdaRoleArn: !GetAtt EdgeOriginRequestRole.Arn
# Custom execution role
EdgeOriginRequestRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- lambda.amazonaws.com
- edgelambda.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess
Policies:
- PolicyName: CustomPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Resource: "*"
Action: lambda:InvokeFunction
Apache 2.0 ยฉ Yves Merlicco