Attend this session to dive deeper into AWS's content delivery service, Amazon CloudFront. Learn how you can use CloudFront to accelerate the delivery of your APIs or applications, including content that cannot be cached, to global clients. We'll also walk you through how you can use Lambda@Edge, which gives you the ability to execute custom code inline with your CloudFront events to customize applications. With Lambda@Edge, you can now generate custom responses right at the edge, allowing you to leverage CloudFront to reduce end-to-end latency and more efficiently filter traffic to your back-end origin servers. We'll walk you through Lambda@Edge use cases and walk through a demo to show how this works.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
George John, Product Manager, Amazon CloudFront
August 14, 2017
Deep Dive on Accelerating Content,
APIs, and Applications with Amazon
CloudFront and Lambda@Edge

2. What to expect from this session
• Amazon CloudFront and AWS Lambda
• Lambda@Edge
• Getting started with Lambda@Edge

3. AWS Core Services
Compute
Storage
Database
Edge
Edge Services: A core infrastructure component
Users can access
application
resources directly
Customer
Application
Edge services include
CloudFront, Route 53,
AWS WAF, AWS Shield,
AWS Elemental

4. AWS Core Services
Edge Services: A core infrastructure component
Users can access application resources
through the Edge to secure, scale, and
optimize applications
Compute
Storage
Database
Edge
Customer
Application
AND/OR

5. CloudFront: Global content delivery network
 Accelerate your application and APIs
 Include static content such as images and video
 Massively scalable
 Highly secure
 Self-service
 Priced to minimize cost

6. 82 Edge Locations + 11 Regional Edge Caches

7. Dynamic
Static
Video
User
input
SSL/TLS
CloudFront delivers ALL types of content

8. Without having to change your backend…
ALB/ELB
Dynamic content
Amazon EC2
Static content
Amazon S3 Custom origin
OR
OR
Custom origin
Amazon CloudFront
example.com
*.jpg
*.php

9. Application – Acceleration
 CloudFront latency-based routing
 Collapse multiple requests for the same object back to
the origin
 TCP window scaling
 Persistent TCP connections to origin
 AWS Backbone Network
 SSL/TLS optimizations

10. AWS Lambda: Serverless
Computing

11. AWS Lambda: Serverless computing
Run code without servers. Pay only for the compute time you consume. Be happy.
Triggered by events or called from APIs:
• PUT to an Amazon S3 bucket
• Updates to Amazon DynamoDB table
• Call to an Amazon API Gateway endpoint
• Mobile app backend call
• CloudFront requests
• And many more…
Makes it easy to:
• Perform real-time data processing
• Build scalable backend services
• Glue and choreograph systems

12. Benefits of AWS Lambda
Continuous
scaling
No servers to
manage
Never pay for idle
– no cold servers
(only happy
accountants)

13. AWS Lambda@Edge:
Serverless Edge Computing

14. Introducing Lambda@Edge
• Lambda@Edge is an extension of AWS Lambda that allows you to run
Node.js code at global AWS locations
• Bring your own code to the Edge and customize your content very close to
your users, improving end-user experience
Continuous
scaling
No servers
to manage
Never pay for idle
– no cold servers
Globally
distributed

15. Write once, run everywhere
AWS
Location
AWS
Location
AWS
Location
AWS
Location
Origin server
AWS
Location

16. CloudFront triggers for Lambda@Edge functions

17. CloudFront triggers for
Lambda@Edge functions
CloudFront cache
End user
Viewer request Origin request
Origin responseViewer response

18. Lambda@Edge events
• All Lambda@Edge invocations are synchronous
• Request events
• URI and header modifications can change the object being requested
• Viewer request can change the object being requested from the CloudFront
cache and the origin
• Origin request can change the object or path pattern being requested from the
origin
• Response events
• Origin response can modify what is cached and generate cacheable responses
to be returned to the viewer
• Viewer response can change what is returned to the viewer
CloudFront
cache
End user
Viewer request Origin request
Origin responseViewer response

19. Lambda@Edge functionality
• Read and write access to headers, URIs, and
cookies across all triggers
• Ability to generate custom responses from
scratch
• Access to make network calls to external
resources on origin-facing hooks

20. So, what can I do with
Lambda@Edge?

21. Highly personalized websites
• Redirect viewers to the optimal
experience based on their location,
language preferences, and device type

22. Highly personalized websites – how?
• Trigger: Viewer request
• Inputs
• Requested URL
• Device type (i.e., User-Agent)
• Existing session data
• Output
• Generate a response directly from Lambda@Edge,
specifically a redirect to the most relevant experience (e.g. ,
cropped images and mobile sites for mobile users)

23. Pretty URLs
• Rewrite the URL end user's request
to serve content without exposing
your team’s internal directory
structure and organization
• Provide customized experiences
without compromising consistency in
what your viewers see

24. Pretty URLs – how?
• Trigger: Origin request
• Inputs
• URL requested
• Outputs
• Rewrite the requested URL, which will be passed to the origin
• The response will be cached based on what the customer
requested to serve subsequent requests (i.e., the pretty URL)

25. Authorization at the Edge
• Inspect cookies or custom headers to
authenticate clients right at the Edge
• Enforce paywalls at the Edge to gate
access to premium content to only
authenticated viewers

26. Authorization at the Edge – how?
• Trigger: Viewer request
• Prerequisites
• The customer must have previously authenticated against your authoritative
service, resulting in some sort of authorization credential. Typically this is a
cookie.
• Inputs
• URL
• Authorization credential (cookie)
• Outputs
• Allow the request to succeed if the request is authorized. If not, either return
a 403 response or redirect to an authentication page

27. A/B testing
• ‘Flip a coin’ to select a
version of content
displayed to each user
on an asset level
• Set cookies to ensure
that users continue to
see the right versions
of content

28. A/B testing – how?
• Trigger: Viewer request
• Inputs
• URL
• Cookies
• Outputs
• If the A/B testing cookie is set, rewrite the requested URI to
be the correct content version
• If it is not set, flip a coin and set the cookie accordingly.

29. Limited access to content
• Enforce timed access to content
at the edge
• Make a call to an external
authentication server to confirm
if a user’s session is still valid
• Forward valid requests to the
origin, and serve redirects to
new users to login pages

30. Limited content access – how?
• Trigger: Origin request
• Inputs
• URL/cookies
• Access to external user-tracking database
• Outputs
• If a customer requests content for specific URLs or with
specific cookies, make a request to the external server to
confirm session validity
• Based on response from external server, serve content, or
redirect to a login page

31. Response generation at the Edge
Generate an HTTP response to end
user requests arriving at AWS locations:
• Generate customized error pages
and static websites directly from Edge
locations
• Combine content drawn from multiple
external resources to dynamically
build websites at the Edge

32. Response generation – how?
• Viewer or origin request event
• Inputs
• URI
• Headers
• Outputs
• Custom response based on URI and headers

33. Lambda@Edge: Getting Started

34. Lambda@Edge pricing
Just as with Lambda today, Lambda@Edge is priced on two
dimensions:
• $0.60 / million function executions
• $0.0225 per hour of execution duration (128 MB per function, metered at
50ms granularity)
For example - 10 million executions, 50ms each time
• Total charges = Compute charges (10M * 0.05 sec * ($0.0225 / 3600) =
$3.13) + Request charges (10M * $0.6/M = $6.00) = $3.13 + $6.00 = $9.13
per month

35. Recap – using Lambda@Edge
Bring your own code
• Self-service through the
Lambda console
Familiar programming
model
• Standard Node.js-6.10
Write once, run everywhere
• Automatically deployed to the AWS network
of 79 Edge locations
• Requests are routed to the locations closest
to your end users across the world
Functionalities:
- Modify response header
- CloudFront response generation
- CloudFront HTTP redirect
- A/B testing
Benefits:
- Simple remote call at origin-facing hooks
- Cacheable static content generation
- Content generation with remote calls

36. Lambda@Edge – let’s get started
• Sign up: https://aws.amazon.com/lambda/edge

37. Thank you!

38. Remember to complete
your evaluations!