DEV Community: Samy Ouaret The latest articles on DEV Community by Samy Ouaret (@samyouaret). https://dev.to/samyouaret https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F200966%2F063dd74e-1d62-4fbe-aae8-fe37dc7ff635.jpg DEV Community: Samy Ouaret https://dev.to/samyouaret en Serve binary content with AWS Lambda and AWS CloudFront, managed by Terraform. Samy Ouaret Sat, 14 Jan 2023 21:04:44 +0000 https://dev.to/samyouaret/serve-binary-content-with-aws-lambda-and-aws-cloudfront-managed-by-terraform-3khn https://dev.to/samyouaret/serve-binary-content-with-aws-lambda-and-aws-cloudfront-managed-by-terraform-3khn <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LrZI9IVG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3uvqxxcvyylmtuu4s6t2.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LrZI9IVG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/3uvqxxcvyylmtuu4s6t2.jpg" alt="Image description" width="880" height="704"></a><br> AWS lambda offers a great computing ability that makes it perfect for small and on-demand jobs, although it is usually used to handle different events raised by AWS services in an event-driven manner, when we often return response body as JSON.</p> <p>Another way to use lambda is to return binary data, in order to make that possible we need to use Functions URL and return the data as Base64 format, in this article we will explore how to read images from AWS S3, then process and serve those images as dynamic binary images using lambda and leverage the AWS CloudFront to cache the result.</p> <h2> Walking through the project </h2> <p>During this article we are going to use terraform to create a lambda function that runs on top of Nodejs runtime(make sure to install terraform", the lambda function will read an s3 image specified in the url path along the two params( width and height), then we will use the <a href="%5Bhttps://%5D(https://www.npmjs.com/package/sharp)">sharp</a> package to resize the image then return the newly resized image.</p> <h2> Setting up lambda </h2> <p>Before we go further we need first to create a trust policy that allows Lambda to assume the role, then we give our function permission to read images stored on the s3 bucket, in addition to basic permissions to work with CloudWatch logs.</p> <p>and here is the terraform code that declares the basic execution role for lambda, including the S3 read permission.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"lambda_role"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"th_gen_lambda_function_Role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">POLICY</span><span class="sh"> { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.amazonaws.com" }, "Effect": "Allow", "Sid": "AllowLambdaToAssumeRole" } ] } </span><span class="no">POLICY </span><span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_iam_policy"</span> <span class="s2">"iam_policy_for_lambda"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"aws_iam_policy_for_terraform_aws_lambda_role"</span> <span class="nx">path</span> <span class="p">=</span> <span class="s2">"/"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"AWS IAM Policy for managing aws lambda role"</span> <span class="nx">policy</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">POLICY</span><span class="sh"> { "Version": "2012-10-17", "Statement": [ { "Sid": "BasicLambdaLogsPolicy", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*", "Effect": "Allow" }, { "Sid": "AllowS3Read", "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::samyouaret-thumbnail-pictures/*" ] } ] } </span><span class="no">POLICY </span><span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role_policy_attachment"</span> <span class="s2">"attach_iam_policy_to_iam_role"</span> <span class="p">{</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="err">.</span><span class="nx">lambda_role</span><span class="err">.</span><span class="nx">name</span> <span class="nx">policy_arn</span> <span class="p">=</span> <span class="nx">aws_iam_policy</span><span class="err">.</span><span class="nx">iam_policy_for_lambda</span><span class="err">.</span><span class="nx">arn</span> <span class="p">}</span> </code></pre> </div> <h2> Creating Lambda function </h2> <p>After we declare the role necessary for lambda, we will create our lambda function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_lambda_function</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">lambda_generator</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">function_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">test_th_gen</span><span class="dl">"</span> <span class="nx">filename</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">lambda_function.zip</span><span class="dl">"</span> <span class="nx">handler</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">index.handler</span><span class="dl">"</span> <span class="nx">source_code_hash</span> <span class="o">=</span> <span class="nx">filebase64sha256</span><span class="p">(</span><span class="dl">"</span><span class="s2">lambda_function.zip</span><span class="dl">"</span><span class="p">)</span> <span class="nx">role</span> <span class="o">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_role</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">runtime</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">nodejs16.x</span><span class="dl">"</span> <span class="nx">environment</span> <span class="p">{</span> <span class="nx">variables</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">BUCKET</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">samyouaret-thumbnail-pictures</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>let's explain the config used to create the function</p> <ol> <li> <strong>function_name</strong>: the name of the function.</li> <li> <strong>filename</strong>: the zipped file that is used to deploy lambda.</li> <li> <strong>index.handler</strong>: the entry file(index.js) and the target function that handles the request(handler).</li> <li> <strong>source_code_hash</strong>: this is important to calculate the hash of our zipped file so terraform can decide whether to redeploy the function if the code change( so we get a new hash).</li> <li> <strong>runtime</strong>: it specifies <code>Nodejs.16x</code> as the target runtime.</li> <li> <strong>role</strong>: assign the previously created role to lambda.</li> </ol> <h3> Enabling Lambda function url </h3> <p>Enabling function URL is a straightforward task using terraform we declare the <code>aws_lambda_function_url</code> resource.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_lambda_function_url"</span> <span class="s2">"lambda_url"</span> <span class="p">{</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="err">.</span><span class="nx">lambda_generator</span><span class="err">.</span><span class="nx">function_name</span> <span class="nx">authorization_type</span> <span class="p">=</span> <span class="s2">"NONE"</span> <span class="p">}</span> </code></pre> </div> <h2> Creating s3 bucket </h2> <p>We are going to create a public s3 bucket for this setup.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"s3_bucket"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"samyouaret-thumbnail-pictures"</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"project"</span> <span class="p">=</span> <span class="s2">"thumbnail-gen"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_s3_bucket_public_access_block"</span> <span class="s2">"bucket_public_access"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="err">.</span><span class="nx">s3_bucket</span><span class="err">.</span><span class="nx">id</span> <span class="nx">block_public_acls</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">block_public_policy</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">ignore_public_acls</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">restrict_public_buckets</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> </code></pre> </div> <h2> Our Lambda code </h2> <p>After we successfully created our resources let's write the lambda function that handles the code, we going to init the project using <code>yarn</code>(you can use npm it is just a preference).</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn init -y </code></pre> </div> <p>to resize the image we will use the <a href="%5Bhttps://%5D(https://www.npmjs.com/package/sharp)">sharp</a> package.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn add sharp </code></pre> </div> <p>ultimately to read images from s3 we need to install S3 AWS client sdk</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn add @aws-sdk/client-s3 </code></pre> </div> <p>Then we need to import your packages to get started<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">sharp</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sharp</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">GetObjectCommand</span><span class="p">,</span> <span class="nx">S3Client</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@aws-sdk/client-s3</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Using the latest AWS s3 client, that implements Nodejs streams we are going create a simple function that reads images and then returns the image mime type and its content as a Nodejs buffer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">getImage</span><span class="p">(</span><span class="nx">bucket</span><span class="p">,</span><span class="nx">imageKey</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">s3Client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">S3Client</span><span class="p">();</span> <span class="k">return</span> <span class="k">new</span> <span class="nb">Promise</span><span class="p">(</span><span class="k">async</span> <span class="p">(</span><span class="nx">resolve</span><span class="p">,</span><span class="nx">reject</span><span class="p">)</span><span class="o">=&gt;</span><span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">getCommand</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">GetObjectCommand</span><span class="p">({</span> <span class="na">Bucket</span><span class="p">:</span> <span class="nx">bucket</span><span class="p">,</span> <span class="na">Key</span><span class="p">:</span> <span class="nx">imageKey</span> <span class="p">});</span> <span class="kd">let</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">s3Client</span><span class="p">.</span><span class="nx">send</span><span class="p">(</span><span class="nx">getCommand</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">chunks</span> <span class="o">=</span> <span class="p">[];</span> <span class="nx">response</span><span class="p">.</span><span class="nx">Body</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,(</span><span class="nx">chunk</span><span class="p">)</span><span class="o">=&gt;</span> <span class="nx">chunks</span><span class="p">.</span><span class="nx">push</span><span class="p">(</span><span class="nx">chunk</span><span class="p">));</span> <span class="nx">response</span><span class="p">.</span><span class="nx">Body</span><span class="p">.</span><span class="nx">once</span><span class="p">(</span><span class="dl">'</span><span class="s1">end</span><span class="dl">'</span><span class="p">,</span><span class="k">async</span> <span class="p">()</span><span class="o">=&gt;</span><span class="nx">resolve</span><span class="p">({</span> <span class="na">body</span><span class="p">:</span> <span class="nx">Buffer</span><span class="p">.</span><span class="nx">concat</span><span class="p">(</span><span class="nx">chunks</span><span class="p">),</span> <span class="na">contentType</span><span class="p">:</span> <span class="nx">response</span><span class="p">.</span><span class="nx">ContentType</span> <span class="p">}));</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">reject</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Now let's create a function to resize the image with sharp package.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">resizeImage</span><span class="p">(</span><span class="nx">imageBuffer</span><span class="p">,</span><span class="nx">options</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">sharp</span><span class="p">(</span><span class="nx">imageBuffer</span><span class="p">).</span><span class="nx">resize</span><span class="p">(</span><span class="nx">options</span><span class="p">).</span><span class="nx">toBuffer</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h3> Creating the lambda handler function </h3> <p>Our function will read the pathname and <code>width</code> and <code>height</code> params specified in the function URL when it is invoked, use the pathname as the key to reading the s3 image, and pass the params and image content to <a href="%5Bhttps://%5D(https://www.npmjs.com/package/sharp)">sharp</a> to resize it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">async</span> <span class="kd">function</span> <span class="nx">handler</span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">context</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">imageKey</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">rawPath</span><span class="p">.</span><span class="nx">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span><span class="dl">''</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">image</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">getImage</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">BUCKET</span><span class="p">,</span><span class="nx">imageKey</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">resizeImage</span><span class="p">(</span><span class="nx">image</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="p">{</span> <span class="na">width</span><span class="p">:</span> <span class="nb">parseInt</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">queryStringParameters</span><span class="p">.</span><span class="nx">w</span><span class="p">),</span> <span class="na">height</span><span class="p">:</span> <span class="nb">parseInt</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">queryStringParameters</span><span class="p">.</span><span class="nx">h</span><span class="p">),</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="nx">image</span><span class="p">.</span><span class="nx">contentType</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">body</span><span class="p">.</span><span class="nx">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">base64</span><span class="dl">'</span><span class="p">),</span> <span class="na">isBase64Encoded</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now the important part is to specify to content type to image content type eg. <code>image/png</code>, more importantly, is to set the property <code>isBase64Encoded</code> to true so Lambda knows that the body is base64 encoded.</p> <p>Using the nodejs <strong>buffer.toString('base64')</strong> will encode the sharp result(buffer) as base64. To call the function we simply call the function as follows</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://function-url/image-key?w=300&amp;h=3000 </code></pre> </div> <p>to package the function in a zip file</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>zip lambda_function.zip index.js node_modules yarn.lock package.json -r </code></pre> </div> <p>One thing to do before we can use terraform is to export AWS credentials </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>export AWS_SECRET_ACCESS_KEY= AWS_ACCESS_KEY_ID= </code></pre> </div> <p>Plan the terraform setup, if that satisfies you then apply the config.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform plan </code></pre> </div> <p>Then run apply the changes</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform apply </code></pre> </div> <h2> Adding Cloudfront Cache layer </h2> <p>Let's add CloudFront to the cache of the result and reduce the computing resource and the cost.</p> <p>We are going to create a CloudFront distribution, and the origin will be the function URL, we will also create</p> <ol> <li>A cache policy so the cache key will depend on width and height parameters.</li> <li>An Origin request policy so we can forward the width and height parameters to the Lambda function.</li> </ol> <p>For the purpose of testing, we use a TTL of 60s.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_cache_policy"</span> <span class="s2">"thumnail_generator_cache_policy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"thumnail_generator_cache_policy"</span> <span class="nx">min_ttl</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">default_ttl</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">max_ttl</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">parameters_in_cache_key_and_forwarded_to_origin</span> <span class="p">{</span> <span class="nx">cookies_config</span> <span class="p">{</span> <span class="nx">cookie_behavior</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="nx">cookies</span> <span class="p">{</span> <span class="nx">items</span> <span class="p">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">headers_config</span> <span class="p">{</span> <span class="nx">header_behavior</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="nx">headers</span> <span class="p">{</span> <span class="nx">items</span> <span class="p">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">query_strings_config</span> <span class="p">{</span> <span class="nx">query_string_behavior</span> <span class="p">=</span> <span class="s2">"whitelist"</span> <span class="nx">query_strings</span> <span class="p">{</span> <span class="nx">items</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"w"</span><span class="p">,</span> <span class="s2">"h"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_origin_request_policy"</span> <span class="s2">"forward_resize_params"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"forward_resize_params"</span> <span class="nx">comment</span> <span class="p">=</span> <span class="s2">"forward resize params to origin"</span> <span class="nx">query_strings_config</span> <span class="p">{</span> <span class="nx">query_string_behavior</span> <span class="p">=</span> <span class="s2">"whitelist"</span> <span class="nx">query_strings</span> <span class="p">{</span> <span class="nx">items</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"w"</span><span class="p">,</span> <span class="s2">"h"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">headers_config</span> <span class="p">{</span> <span class="nx">header_behavior</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="p">}</span> <span class="nx">cookies_config</span> <span class="p">{</span> <span class="nx">cookie_behavior</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudfront_distribution"</span> <span class="s2">"lambda_distribution"</span> <span class="p">{</span> <span class="nx">origin</span> <span class="p">{</span> <span class="nx">domain_name</span> <span class="p">=</span> <span class="s2">"${aws_lambda_function_url.lambda_url.url_id}.lambda-url.us-east-1.on.aws"</span> <span class="nx">origin_id</span> <span class="p">=</span> <span class="s2">"${aws_lambda_function_url.lambda_url.url_id}.lambda-url.us-east-1.on.aws"</span> <span class="nx">custom_origin_config</span> <span class="p">{</span> <span class="nx">http_port</span> <span class="p">=</span> <span class="s2">"80"</span> <span class="nx">https_port</span> <span class="p">=</span> <span class="s2">"443"</span> <span class="nx">origin_protocol_policy</span> <span class="p">=</span> <span class="s2">"https-only"</span> <span class="nx">origin_ssl_protocols</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"TLSv1.2"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">depends_on</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_cloudfront_cache_policy</span><span class="err">.</span><span class="nx">thumnail_generator_cache_policy</span><span class="p">,</span> <span class="nx">aws_cloudfront_origin_request_policy</span><span class="err">.</span><span class="nx">forward_resize_params</span><span class="p">,</span> <span class="p">]</span> <span class="nx">enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">default_cache_behavior</span> <span class="p">{</span> <span class="nx">allowed_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"DELETE"</span><span class="p">,</span> <span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"HEAD"</span><span class="p">,</span> <span class="s2">"OPTIONS"</span><span class="p">,</span> <span class="s2">"PATCH"</span><span class="p">,</span> <span class="s2">"POST"</span><span class="p">,</span> <span class="s2">"PUT"</span><span class="p">]</span> <span class="nx">cached_methods</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"GET"</span><span class="p">,</span> <span class="s2">"HEAD"</span><span class="p">]</span> <span class="nx">target_origin_id</span> <span class="p">=</span> <span class="s2">"${aws_lambda_function_url.lambda_url.url_id}.lambda-url.us-east-1.on.aws"</span> <span class="nx">viewer_protocol_policy</span> <span class="p">=</span> <span class="s2">"allow-all"</span> <span class="nx">cache_policy_id</span> <span class="p">=</span> <span class="nx">aws_cloudfront_cache_policy</span><span class="err">.</span><span class="nx">thumnail_generator_cache_policy</span><span class="err">.</span><span class="nx">id</span> <span class="nx">origin_request_policy_id</span> <span class="p">=</span> <span class="nx">aws_cloudfront_origin_request_policy</span><span class="err">.</span><span class="nx">forward_resize_params</span><span class="err">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">restrictions</span> <span class="p">{</span> <span class="nx">geo_restriction</span> <span class="p">{</span> <span class="nx">restriction_type</span> <span class="p">=</span> <span class="s2">"none"</span> <span class="nx">locations</span> <span class="p">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">viewer_certificate</span> <span class="p">{</span> <span class="nx">cloudfront_default_certificate</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now again, Plan the Terraform setup, if that satisfies you then apply the config.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform plan </code></pre> </div> <p>Then run apply the changes</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform apply<br> </code></pre> </div> <h2> <br> <br> <br> Cleaning up Our infrastructure<br> </h2> <p>Finally, let's clean the infrastructure we've created by running the terraform destroy command.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform destroy<br> </code></pre> </div> <h2> <br> <br> <br> Conclusion<br> </h2> <p>In this article, we explored how we can use AWS lambda to serve binary content, and how we can leverage CloudFront to enhance our solution.</p> <p>Although we were able to serve binary content with lambda, I found it inefficient when the image size was medium/large(it took almost 1.3s on average), probably due to the process of encoding and decoding the content from and to base64. </p> aws terraform lambda cloudfront