Debugging the CloudFront's problem after enabl

Posted 2019-08-21 02:25

Question:

Following this article, I'm trying to serve my static content from multiple regions (under the same domain) within AWS.

So far, I have:

  • uploaded my content into an S3 bucket
  • enabled the "static web hosting" for that bucket
  • and made it public
  • created a distribution in CloudFront with the S3 bucket as the origin
  • created a record set in Route 53 pointing to the distribution

At this point, everything works fine. If I enter the domain name in a browser, I can see the static content. Now it's time to make it multi-regional:

  • created a lambda function as instructed in the article with a role holding the AdministratorAccess policy (out of desperation - once I make it work, I'll carefully design the proper role)
  • linked the lambda function to CloudFront: Event type: origin-request, Include body: No, Path pattern: *
  • edited the CloudFront distribution, adding the header X-DNS-ORIGIN

After applying these steps, I had to wait a minute before they were effective. And once they were effective, I couldn't open the web page anymore. Doing so will lead to this error message:

503 ERROR
The request could not be satisfied.
The Lambda function associated with the CloudFront distribution is invalid or doesn't have the required permissions. 
If you received this error while trying to use an app or access a website, please contact the provider or website owner for assistance. 
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by following steps in the CloudFront documentation (http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/http-503-service-unavailable.html). 
Generated by cloudfront (CloudFront)

I even enabled CloudFront's logging mechanism. But it was no help either. The logs only show that there was a LambdaExecutionError. But it doesn't say anything useful.

I believe that the lambda function is not called at all since I don't see any logs generated for it in CloudWatch. At this point, I have no idea how I can fix this problem. Any help is appreciated.

[EDIT]

I forgot to mention. The role assigned to the lambda function has the lambda.amazonaws.com and edgelambda.amazonaws.com listed as services in its Trust relationship tab.

Answer 1:

It has been several months, but in case someone else runs across this same issue as I did, this article has been helpful: https://hackernoon.com/postcards-from-lambda-the-edge-11a43f215dc1

When your code runs at The Edge, the logging happens in the CloudWatch region of that edge server. The logs might not be where you think they will be.

To find your logs, look for them in the region of the edge server. In my case, CloudWatch > Log Groups > /aws/lambda/us-east-1.lambdafunctionname
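
One way to search every region for the log group described in the answer above, as an added example that is not part of the original question or answer. It assumes boto3 with CloudWatch Logs read access; the function names are hypothetical, and the `us-east-1.` prefix follows the log group path shown in the answer.

```python
"""Locate Lambda@Edge log groups across CloudWatch Logs regions (added example)."""


def edge_log_group_name(function_name, home_region="us-east-1"):
    # Edge replicas log to /aws/lambda/<home-region>.<function-name>
    return f"/aws/lambda/{home_region}.{function_name}"


def default_client_factory(region):
    import boto3  # imported lazily so the helpers load without AWS access
    return boto3.client("logs", region_name=region)


def all_logs_regions():
    import boto3
    return boto3.session.Session().get_available_regions("logs")


def find_edge_log_groups(function_name, regions, client_factory=default_client_factory):
    """Return {region: [log group names]} for regions holding the function's logs."""
    prefix = edge_log_group_name(function_name)
    found = {}
    for region in regions:
        try:
            client = client_factory(region)
            names, token = [], None
            while True:
                kwargs = {"logGroupNamePrefix": prefix}
                if token:
                    kwargs["nextToken"] = token
                page = client.describe_log_groups(**kwargs)
                names += [g["logGroupName"] for g in page.get("logGroups", [])]
                token = page.get("nextToken")
                if not token:
                    break
        except Exception as exc:  # e.g. an opt-in region not enabled for the account
            print(f"{region}: skipped ({exc})")
            continue
        # The prefix query also returns longer names; keep exact matches only
        names = [n for n in names if n == prefix]
        if names:
            found[region] = names
    return found


if __name__ == "__main__":
    import sys
    for region, groups in find_edge_log_groups(sys.argv[1], all_logs_regions()).items():
        print(region, *groups)
```

Run it with the function name as the only argument; an empty result in every region is consistent with the function never having been invoked at the edge.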