AWS CloudFront and Lambda@Edge: Edge Computing for Global Applications

CloudFront and Lambda@Edge: Processing at the Edge

CloudFront Lambda@Edge computing enables you to run code at AWS edge locations worldwide, processing requests as close to users as possible. Instead of routing all requests to a single origin region, Lambda@Edge intercepts requests at the nearest CloudFront POP and can modify requests, responses, generate content, or perform authentication — all within milliseconds. Therefore, global applications achieve lower latency and reduced origin load.

Lambda@Edge runs at over 400 CloudFront edge locations globally. Moreover, CloudFront Functions (a lighter alternative) execute at an even wider set of locations with sub-millisecond latency. Consequently, you can build sophisticated request routing, personalization, and security logic that runs right next to your users.

CloudFront Lambda@Edge Computing: Function Types

Lambda@Edge provides four trigger points in the request lifecycle — viewer request, origin request, origin response, and viewer response. Each trigger point serves different use cases. Furthermore, CloudFront Functions offer a simpler, faster option for lightweight request/response manipulation.

// Viewer Request: A/B testing at the edge
exports.handler = async (event) => {
    const request = event.Records[0].cf.request;
    const headers = request.headers;

    // Check for existing experiment cookie
    const cookies = headers.cookie || [];
    const experimentCookie = cookies.find(c =>
        c.value.includes('experiment='));

    if (!experimentCookie) {
        // Assign user to experiment group
        const group = Math.random() < 0.5 ? 'control' : 'variant';
        headers.cookie = headers.cookie || [];
        headers.cookie.push({
            key: 'Cookie',
            value: 'experiment=' + group
        });

        // Route to different origin path based on group
        if (group === 'variant') {
            request.uri = request.uri.replace('/page', '/page-v2');
        }
    }

    return request;
};

// Origin Response: Add security headers
exports.handler = async (event) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;

    headers['strict-transport-security'] = [{
        key: 'Strict-Transport-Security',
        value: 'max-age=31536000; includeSubdomains; preload'
    }];
    headers['x-content-type-options'] = [{
        key: 'X-Content-Type-Options',
        value: 'nosniff'
    }];
    headers['x-frame-options'] = [{
        key: 'X-Frame-Options',
        value: 'DENY'
    }];
    headers['content-security-policy'] = [{
        key: 'Content-Security-Policy',
        value: "default-src 'self'; script-src 'self' 'unsafe-inline'"
    }];

    return response;
};

Image Optimization at the Edge

Resize and format images on-the-fly based on device type, screen size, and browser capabilities. This approach eliminates the need to pre-generate multiple image variants and reduces storage costs while delivering optimized images to every user.

// Origin Request: Dynamic image resizing
const Sharp = require('sharp');

exports.handler = async (event) => {
    const request = event.Records[0].cf.request;
    const params = new URLSearchParams(request.querystring);

    const width = parseInt(params.get('w')) || null;
    const height = parseInt(params.get('h')) || null;
    const format = params.get('f') || 'webp';
    const quality = parseInt(params.get('q')) || 80;

    if (!width && !height) return request;

    // Fetch original from S3
    const s3Response = await s3.getObject({
        Bucket: 'my-images',
        Key: request.uri.substring(1)
    }).promise();

    // Transform image
    let transformer = Sharp(s3Response.Body);
    if (width || height) transformer = transformer.resize(width, height);
    transformer = transformer.toFormat(format, { quality });

    const buffer = await transformer.toBuffer();

    return {
        status: '200',
        body: buffer.toString('base64'),
        bodyEncoding: 'base64',
        headers: {
            'content-type': [{ value: 'image/' + format }],
            'cache-control': [{ value: 'public, max-age=31536000' }]
        }
    };
};

Geo-Based Routing and Personalization

CloudFront provides geo headers (CloudFront-Viewer-Country, CloudFront-Viewer-City) that enable location-based content delivery. Route users to regional origins, display localized content, or enforce geo-restrictions — all at the edge. Additionally, combine geo data with user preferences for personalized experiences.

CloudFront Functions vs Lambda@Edge

Use CloudFront Functions for lightweight operations (header manipulation, URL rewrites, redirects) — they’re faster and cheaper. Use Lambda@Edge for complex logic requiring network access, larger payloads, or longer execution time. See the CloudFront edge functions documentation for detailed feature comparison.

Key Takeaways

• Start with a solid foundation and build incrementally based on your requirements
• Test thoroughly in staging before deploying to production environments
• Monitor performance metrics and iterate based on real-world data
• Follow security best practices and keep dependencies up to date
• Document architectural decisions for future team members

In conclusion, CloudFront Lambda@Edge computing brings application logic to the network edge, reducing latency and offloading work from origin servers. Use it for A/B testing, security headers, image optimization, and geo-based routing. Start with CloudFront Functions for simple tasks and graduate to Lambda@Edge when you need full compute power at the edge.