Note: please first test your app with our quick and simple all-in-one solution here: https://github.com/sanfrancesco/prerendercloud-server before going through this Lambda@Edge+CloudFront setup process. Once that's debugged and working the way you want it, come back here to configure Lambda@Edge+CloudFront. This will save you hours of headache because debugging/iterating with Cloudfront/Lambda/S3 is slow.
4-minute YouTube video walk-through (2024-07-10 update: AWS UI/UX has slightly changed since video but the video is still accurate): https://youtu.be/SsMNQ3EaNZ0
TL;DR:
- step 1: put www files in s3 bucket
- step 2: create cloudfront distribution pointing at s3 bucket
- step 3: clone this repo,
npm install
and run:CLOUDFRONT_DISTRIBUTION_ID=yourDistributionId make deploy
(set yourDistributionId to what was created in step 2) - step 4: wait ~5 minutes for aws systems to propagate (cloudfront url will show some error in the meantime)
full guidance below or in video:
Server-side rendering (pre-rendering) via Lambda@Edge for single-page apps hosted on CloudFront with an s3 origin. It forwards requests to Headless-Render-API.com to be pre-rendered using a headless Chrome browser.
This is a serverless project with a make deploy
command that:
- serverless.yml deploys 3 functions to Lambda (
viewerRequest
,originRequest
,originResponse
) - deploy.js associates them with your CloudFront distribution
- create-invalidation.js clears/invalidates your CloudFront cache
Read more:
- Headless-Render-API.com (formerly named prerender.cloud from 2016 - 2022)
- Dec, 2016 Lambda@Edge intro
- Lambda@Edge docs
- CloudFront docs for Lambda@Edge
- S3 bucket with index.html and JavaScript files
- CloudFront distribution pointing to that S3 bucket (that also has * read access to that bucket)
Start with a new test bucket and CloudFront distribution before modifying your production account:
(it'll be quick because you'll be using the defaults with just 1 exception)
- S3 bucket in us-east-1 with default config (doesn't need to be public and doesn't need static web hosting)
- yes, us-east-1 makes things easier (using any other region will require a URL change for your CloudFront origin)
- CloudFront distribution with S3 origin with default config except:
- (give CloudFront access to that bucket)
- "Restrict Bucket Access" = "Yes"
- "Origin Access Identity" = "Create a New Identity"
- "Grant Read Permissions on Bucket" = "Yes, Update Bucket Policy"
- (alternatively your S3 bucket can be public - meaning an access policy that allows getObject on
*
for*
)
- recommend enabling "automatic compression"
- (give CloudFront access to that bucket)
That's all you need. Now just wait a few minutes for the CloudFront DNS to propogate.
Note, you will not be creating a CloudFront "custom error response" that redirects 404s to index.html, and if you already have one, then remove it - because this project uploads a Lambda@Edge function that replaces that functionality (if you don't remove it, this project won't work).
$ git clone https://github.com/sanfrancesco/prerendercloud-lambda-edge.git
Node v20 (it works with node as low as v12 but aws lambda requires latest version of nodejs), and npm
$ npm install
Edit handler.js and set your headless-render-api.com API token (cmd+f for prerenderToken
)
note: Headless-Render-API.com was previously known as Prerender.cloud (rebranded 2022-05-01)
e.g. botsOnly
, removeTrailingSlash
in handler.js
(this step is only necessary if you are using an existing CloudFront distribution)
If you're using an existing CloudFront distribution, you need to remove this feature.
It has to be removed because it prevents the execution of the viewer-request function. This project replicates that functionality (see caveats)
- go here: https://console.aws.amazon.com/cloudfront/home
- click on your CloudFront distribution
- click the "error pages" tab
- make note of the TTL settings (in case you need to re-create it)
- and delete the custom error response (because having the custom error response prevents the
viewer-request
function from executing).
(this step is only necessary if you want 404s to work)
Since we can't use the "custom error response", and we're implementing it ourselves, this permission is neccessary for CloudFront+Lambda@Edge to return a 404 for a requested file that doesn't exist (only non HTML files will return 404, see caveats below). If you don't add this, you'll get 403 forbidden instead.
- go to s3 console
- click on the bucket you created in step 1 for this project
- click "permissions"
- click "bucket policy"
- modify the Action and Resource to each be an array, they should look like (change the bucket name in resource as appropriate):
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::CHANGE_THIS_TO_YOUR_BUCKET_NAME_FROM_STEP_1/*",
"arn:aws:s3:::CHANGE_THIS_TO_YOUR_BUCKET_NAME_FROM_STEP_1"
]
If you're not editing an IAM policy specifically, the UI/UX checkbox for this in the S3 interface is, for the bucket, under the "Permissions" tab, "List Objects"
You can modify the content of the 404 page in handler.js
8. Lambda@Edge function Deployment (only needs to be done once, or whenever you git pull
from this repo)
- Make sure there's a "default" section in your ~/.aws/credentials file with awsaccess_key_id/aws_secret_access_key that have any of the following permissions: (full root, or see serverless discussion or you can use the following policies, which are _almost root: [AWSLambdaFullAccess, AwsElasticBeanstalkFullAccess])
- now run:
$ CLOUDFRONT_DISTRIBUTION_ID=whateverYourDistributionIdIs make deploy
- See the created Lambda function in Lambda: https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions
- See the created Lambda function in CloudFront: (refresh it, click your distribution, then the behaviors tab, then the checkbox + edit button for the first item in the list, then scroll to bottom of that page to see "Lambda Function Associations")
- sync/push the files to s3
- invalidate CloudFront
- you're done (no need to deploy the Lambda@Edge function after this initial setup)
caveat: note that headless-render-api.com has a 5-minute server cache that you can disable, see disableServerCache
in handler.js
Visit a URL associated with your CloudFront distribution. It will take a few seconds for the first request (because it is pre-rendered on the first request). If for some reason the pre-render request fails or times out, the non-pre-rendered request will be cached.
See logs in CloudWatch in region closest to where you made the request from (although the function is deployed to us-east-1, it is replicated in all regions).
To view logs from command line:
- use an AWS account with
CloudWatchLogsReadOnlyAccess
$ pip install awslogs
( https://github.com/jorgebastida/awslogs )AWS_REGION=us-west-2 awslogs get -s '1h' /aws/lambda/us-east-1.Lambda-Edge-Prerendercloud-dev-viewerRequest
AWS_REGION=us-west-2 awslogs get -s '1h' /aws/lambda/us-east-1.Lambda-Edge-Prerendercloud-dev-originRequest
- (change
AWS_REGION
to whatever region is closest to where you physically are since that's where the logs will be) - (FYI, for some reason, San Francisco based requests are ending up in us-west-2)
Sign in to headless-render-api.com web app and you'll see the last few requests made for your API key.
$ make destroy
will attempt to remove the Lambda@Edge functions - but as of Nov 2017, AWS still doesn't allow deleting "replicated functions" - in which case, just unnassociate them from your CloudFront distribution until delete functionality works.
This also means if you attempt to delete and recreate the functions, it will fail - so you'll need to change the name in serverless.yml and deploy.js (just append a v2)
You can also sign into AWS and go to CloudFormation and manually remove things.
- If you can't tolerate a slow first request (where subsequent requests are served from cache in CloudFront):
- crawl before invalidating the CloudFront distrubtion - just hit all of the URLs with service.headless-render-api.com and configure a
prerender-cache-duration
of something longer than the default of 5 minutes (300) - like 1 week (604800).
- crawl before invalidating the CloudFront distrubtion - just hit all of the URLs with service.headless-render-api.com and configure a
- This solution will serve index.html in place of something like
/some-special-file.html
even if/some-special-file.html
exists on your origin- We're waiting for the Lambda@Edge to add a feature to address this
- in the meantime use the
blacklistPaths
option (see handler.js)
- Redirects (301/302 status codes)
- if you use
<meta name="prerender-status-code" content="301">
to initiate a redirect, your CloudFront TTL must be zero, otherwise CloudFront will cache the body/response and return status code 200 with the body from the redirected path
- if you use
Simply update serverless.yaml to the latest or whatever you prefer and re-deploy: make deploy
- Read through the console output from the
make deploy
command and look for errors - Check your user-agent if using botsOnly
- Sometimes (rarely) you'll see an error message on the webpage itself.
- Check the AWS logs (see section "Viewing AWS Logs in CloudWatch")
- Check headless-render-api.com logs (see section "Viewing headless-render-api.com logs")
- Sometimes (rarely) there's an actual problem with AWS Lambda and you may just need to re-deploy