I need to call a Lambda function for all viewer-request and viewer-response events as part of the default behavior of the Cloudfront distribution that the SST (Serverless Stack Toolkit) framework generates.
I have the following declaration in SST:
const site = new NextjsSite(stack, my-site, {
customDomain: {
isExternalDomain: true,
domainName: ${envConfig.domainPrefix}my-site.com,
cdk: {
certificate: Certificate.fromCertificateArn(stack, envConfig.certId, envConfig.certArn),
},
},
cdk: {
distribution: {
defaultBehavior: {
allowedMethods: AllowedMethods.ALLOW_ALL,
cachedMethods: CachedMethods.CACHE_GET_HEAD,
viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
cachePolicy: CachePolicy.CACHING_DISABLED,
originRequestPolicy: OriginRequestPolicy.ALL_VIEWER,
edgeLambdas:[
{
eventType: LambdaEdgeEventType.VIEWER_REQUEST,
includeBody: true,
functionVersion: lambda.Version.fromVersionArn(stack, 'ViewerRequestFunction', envConfig.authentication_viewer_request_function_arn)
},
{
eventType: LambdaEdgeEventType.VIEWER_RESPONSE,
functionVersion: lambda.Version.fromVersionArn(stack, 'ViewerResponseFunction', envConfig.authentication_viewer_response_function_arn)
}
],
}
}
}
});
But it results in the following build / deploy error:
AWS::CloudFront::Distribution: The event type of a function association must be unique in the cache behavior. Event type viewer-request cannot be associated with two functions: arn:aws:lambda:us-east-1::function: and amazon.edge.datastore.entity.HookFunctionAssociation@53f14b12[cacheBehaviorId=,hookType=viewer-request,functionArn=arn:aws:cloudfront::234336131475:function/eu-west-1uatmysiteSiinsiteCloudFrontFunctionC06EB308:LIVE
It appears that the CF dist that is generated by SST already wires up the viewer-request event to a Cloudfront method it creates, which violates the rule of a viewer-request only being associated with one function. Any idea what this handler does and how I might have more control over the CF dist that the NextJsSite construct generates?