So let’s talk about customization at the edge.
So what does it mean?
Well we know we deploy our functions and our applications in a specific region, but sometimes using, for example, CloudFront, we have the Edge locations are distributing our content.
And sometimes the modern applications require to execute some form of logic at the Edge before reaching the application itself.
So these are called Edge Functions, and this is a piece of code that you write and that you will attach to your CloudFront distributions.
The idea is that you want to run these functions close to users in order to minimize latency in some cases.
So CloudFront has two kinds of functions, you have the CloudFront Functions and Lambda@Edge.
The idea will be to be able to understand when they are required and their differences.
But using the Edge Functions, you don’t have to manage any servers, these Edge Functions are deployed globally.
And the use cases of them, for example, would be to customize the CDN content coming out of CloudFront.
Also, you only pay for what you use, and it is fully serverless.
In terms of website security and privacy, when we have dynamic web applications at the Edge, we can do:
- Search engine optimization, SEO
- Intelligent routing across Origins and data center
- Bot mitigation at the Edge
- real-time image transformation at the Edge
- A/B testing
- user authentication and authorization,
- user prioritization, user tracking and analytics
- and so on…
CloudFront Functions is going to be for cache key normalization, so to transform, for example the request attributes to create an optimal cache key.
Header manipulation to insert, modify, or delete HTTP headers in the request or response, or to do URL rewrites or redirects, or to request of an authorization to create and validate JWT tokens to allow or deny request.
So all these things can be executed in less than one millisecond, whereas Lambda@Edge has a longer execution time, it could be up to 10 seconds, for example.
You have adjustable CPU and memory, so you can load a lot of libraries, and your code can depend therefore, on third party libraries, such as the SDK if you wanted to access other AWS services.
You also have network access to external services for processing the data, so you can really perform some big integrations.
And Lambd@Edge gives you file system access, or access to the body itself of the HTTP request, so you can do some more customizations.