
AWS Lambda@Edge

1. Navigate to CloudFront and Lambda in the Management Console

  • Log in to the AWS Management Console for the cloudexploration prod account in the us-east-1 region.
  • From the Services menu, select CloudFront under Networking & Content Delivery.
  • Go to Services > Lambda to access Lambda functions associated with Lambda@Edge.

2. Basic Configuration and Setup

  • CloudFront Distributions:
    • In the CloudFront dashboard, click on Distributions.
    • Select a distribution that has Lambda@Edge functions associated with it.
    • In the distribution settings, go to the Behaviors tab and look for Lambda Function Associations (e.g., Viewer Request, Viewer Response). This section lists the Lambda@Edge functions configured for that behavior.
  • Lambda Functions:
    • Navigate to Services > Lambda and locate Lambda@Edge functions in the list. Lambda@Edge functions typically have an ARN indicating the CloudFront distribution and region.
    • Select a Lambda@Edge function to explore details, including Configuration, Triggers, and Versions.

3. Exploring the AWS Well-Architected Framework Pillars

Operational Excellence Pillar

  • Function Versions:
    • In the Lambda console, select a Lambda@Edge function and go to the Versions tab. Ensure that the function uses numbered versions (rather than $LATEST) to promote controlled rollouts and operational stability.
  • Monitoring and Logs:
    • In the Monitoring tab of the Lambda function, review the metrics such as Invocations, Duration, Errors, and Throttles. These metrics help track operational performance and identify issues.
    • If you have access to CloudWatch Logs, inspect log groups for Lambda@Edge functions to analyze invocation details and troubleshoot errors, which is essential for operational excellence.
  • Deployments:
    • While read-only access doesn't permit changes, you can review the Aliases used for deployments. Using aliases like DEV, STAGE, and PROD for different versions helps in managing operational deployments systematically.

Security Pillar

  • IAM Roles and Permissions:
    • Within the Lambda function’s Configuration tab, examine the Execution role to ensure that it follows the principle of least privilege. The role should only have the necessary permissions to perform its tasks.
  • Function Settings:
    • Check Environment Variables in the Lambda function’s Configuration to see if sensitive information (e.g., API keys, credentials) is stored securely. Sensitive information should be encrypted using AWS KMS.
  • Access Control:
    • In the CloudFront distribution, explore the Behaviors tab and look at Viewer Protocol Policy and Cache and origin request settings. These settings affect how Lambda@Edge functions handle requests, which has implications for security (e.g., enforcing HTTPS).
  • AWS Config and Security Hub:
    • If AWS Config and Security Hub are enabled in the environment, navigate to them to view compliance reports related to Lambda@Edge. AWS Config rules can highlight compliance with best practices, such as ensuring functions are properly secured and optimized.
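
The Behaviors-tab checks described above (function associations, Viewer Protocol Policy, version pinning) can also be run against an exported distribution configuration. This is an added example, not part of the original walkthrough: it audits a constructed dictionary shaped like the `DistributionConfig` object returned by CloudFront's GetDistributionConfig API, and the account ID and function names in it are made up.

```python
# Constructed sample shaped like the "DistributionConfig" object returned by
# CloudFront GetDistributionConfig; the account ID and function names are made up.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {
        "ViewerProtocolPolicy": "allow-all",
        "LambdaFunctionAssociations": {"Quantity": 1, "Items": [
            {"EventType": "viewer-request",
             "LambdaFunctionARN": "arn:aws:lambda:us-east-1:111122223333:function:add-headers:7"},
        ]},
    },
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/api/*", "ViewerProtocolPolicy": "redirect-to-https",
         "LambdaFunctionAssociations": {"Quantity": 1, "Items": [
             {"EventType": "origin-request",
              "LambdaFunctionARN": "arn:aws:lambda:us-east-1:111122223333:function:auth-check:12"},
         ]}},
        {"PathPattern": "/static/*", "ViewerProtocolPolicy": "allow-all",
         "LambdaFunctionAssociations": {"Quantity": 0}},
    ]},
}

def behaviors(config):
    """Yield (path_pattern, behavior) for the default and every additional behavior."""
    yield "Default (*)", config["DefaultCacheBehavior"]
    for behavior in config.get("CacheBehaviors", {}).get("Items", []):
        yield behavior["PathPattern"], behavior

def audit(config):
    """Return (path_pattern, finding) tuples for behaviors that invoke Lambda@Edge."""
    findings = []
    for path, behavior in behaviors(config):
        assocs = behavior.get("LambdaFunctionAssociations", {}).get("Items", [])
        if assocs and behavior["ViewerProtocolPolicy"] == "allow-all":
            findings.append((path, "functions also run on plain-HTTP requests (allow-all)"))
        for assoc in assocs:
            # ARN layout: arn:aws:lambda:<region>:<account>:function:<name>:<version>
            name, _, version = assoc["LambdaFunctionARN"].split(":function:")[1].partition(":")
            if not version.isdigit():
                findings.append((path, f"{name} is not pinned to a numbered version"))
            if assoc["EventType"].startswith("viewer-"):
                findings.append((path, f"{name}:{version} runs on every request, cache hits included"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_CONFIG):
        print(f"{path}: {finding}")
```

Viewer-side triggers are reported because they execute before the cache lookup, so they matter for both the attack surface and the cost review in the later pillars; origin-side triggers run only on cache misses.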

Reliability Pillar

  • Function Associations:
    • Under the Behaviors tab of the CloudFront distribution, review where the Lambda@Edge functions are associated (e.g., Viewer Request, Origin Request). Proper associations help manage traffic effectively and can reduce load on the origin, increasing reliability.
  • Error Handling:
    • In the Lambda function’s Configuration > Environment variables, review configurations that might affect error handling (e.g., timeout values, error retries). Proper error handling ensures the function’s reliability during runtime.
  • Monitoring and Alerts:
    • Use the Monitoring tab of the Lambda function to ensure metrics such as error rates and invocation durations are tracked. These metrics are crucial for understanding the function's behavior under different conditions, ensuring reliability.

Cost Optimization Pillar

  • Function Duration and Memory:
    • In the Configuration tab of the Lambda function, review the Memory (MB) and Timeout settings. Optimal settings help control costs by preventing over-allocation of memory and excessive execution times.
  • Request Rate:
    • Check the Monitoring tab for metrics like Invocations and Duration. High invocation rates with long execution times can lead to higher costs. If certain functions run frequently, consider optimizing code logic or caching responses.
  • Lambda@Edge Triggers:
    • In the CloudFront Behaviors tab, review the trigger points (e.g., Viewer Request, Origin Request). Select only necessary triggers to reduce the number of Lambda@Edge invocations, thereby optimizing costs.

Performance Efficiency Pillar

  • Resource Allocation:
    • In the Configuration tab of the Lambda function, review the allocated Memory (MB) and Timeout values. Properly tuning these settings can significantly impact the function’s performance, as more memory can result in faster execution.
  • Edge Locations:
    • Lambda@Edge automatically runs code in response to CloudFront events, distributing the function to edge locations globally. While this is managed by AWS, understanding the edge distribution strategy helps design a performance-efficient architecture.
  • Caching Strategies:
    • Under the Behaviors tab in the CloudFront distribution, examine the Cache and origin request settings to see how responses are cached. Effective caching minimizes the number of Lambda@Edge invocations, improving performance.
  • Cold Starts:
    • In the Monitoring tab of the Lambda function, check the average duration of executions. High initial latency could indicate cold starts, suggesting the function could benefit from optimization (e.g., reducing function size).

4. Additional Exploration

  • CloudWatch Logs Insights:
    • If you have access to CloudWatch Logs, use Logs Insights to query Lambda@Edge logs. Analyzing these logs can provide deeper insights into function performance, invocation patterns, and error occurrences.
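
For the cold-start and log-analysis checks above, the signal to look for is the `Init Duration` field that Lambda writes on the `REPORT` line of a cold invocation. This added example (not part of the original walkthrough) parses constructed log lines in the standard Lambda `REPORT` format, as they would appear in an exported log stream; the request IDs and timings are made up.

```python
import re
from statistics import mean

# Constructed log lines in the standard Lambda REPORT format (tab-separated fields).
SAMPLE_LOG = (
    "START RequestId: req-0001 Version: 7\n"
    "REPORT RequestId: req-0001\tDuration: 41.20 ms\tBilled Duration: 42 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 70 MB\tInit Duration: 183.50 ms\n"
    "REPORT RequestId: req-0002\tDuration: 3.10 ms\tBilled Duration: 4 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 61 MB\n"
    "REPORT RequestId: req-0003\tDuration: 2.90 ms\tBilled Duration: 3 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 62 MB\n"
    "REPORT RequestId: req-0004\tDuration: 3.60 ms\tBilled Duration: 4 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 62 MB\n"
)

# "Init Duration" is present only when the invocation started a new execution environment.
REPORT = re.compile(
    r"REPORT RequestId: (?P<id>\S+)\s+Duration: (?P<dur>[\d.]+) ms"
    r".*?Memory Size: (?P<mem>\d+) MB\s+Max Memory Used: (?P<used>\d+) MB"
    r"(?:\s+Init Duration: (?P<init>[\d.]+) ms)?"
)

def summarize(log_text):
    """Summarize invocations, cold starts and memory headroom from raw log text."""
    reports = [m.groupdict() for m in REPORT.finditer(log_text)]
    cold = [r for r in reports if r["init"]]
    warm = [r for r in reports if not r["init"]]
    return {
        "invocations": len(reports),
        "cold_starts": len(cold),
        # Warm latency: handler time only.
        "avg_warm_ms": round(mean(float(r["dur"]) for r in warm), 2) if warm else None,
        # Cold latency: handler time plus environment initialization.
        "avg_cold_ms": round(mean(float(r["dur"]) + float(r["init"]) for r in cold), 2)
        if cold else None,
        # Highest share of the configured memory actually used, in percent.
        "peak_memory_pct": max(round(100 * int(r["used"]) / int(r["mem"])) for r in reports)
        if reports else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Lambda@Edge writes its logs to the region nearest the edge location that ran the function, in log groups named `/aws/lambda/us-east-1.<function-name>`, so collect the streams from every region of interest before summarizing.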