Antoine Lehurt

AWS CloudFront Functions

AWS recently released CloudFront Functions—a new serverless scripting platform that allows us to run lightweight JavaScript code at the CloudFront edge locations. These new functions are designed for low latency web request customization.

What’s the difference with Lambda@Edge?

CloudFront Functions and Lambda@Edge are both triggered by events generated by CloudFront. But, CloudFront Functions sit in front of the CloudFront cache. The functions are executed on every request or every response—that’s why CloudFront Functions need to run under 1ms. In comparison, a Lambda sits between the CloudFront cache and the origin, so it’s executed only when the cache is not valid.

CloudFront Functions and Lambda@Edge in an architectural diagramSource

AWS built the CloudFront Functions to address scaling and performance issues that we could face with Lambda@Edge. For instance, cold starts would impact the performance for doing token authorization. Or, in the case of high traffic spikes, we would be limited by lambda throttling or concurrency. With CloudFront Functions, no matter how many requests we get, it will scale indefinitely to match the traffic.

Comparison table between CloudFront Functions and Lambda@EdgeSource

When to use CloudFront Functions?

If we need to rewrite (i.e., AB flag), redirect, authorize (i.e., JWT token) a request, we should consider using a CloudFront Function.

If we need to do heavier computing, like server-side rendering, or data aggregation/transformation that wouldn’t fit the performance budget, we should use a Lambda@Edge.