Using AWS CloudFormation to Deploy a Serverless Web Delivery Infrastructure

Posted by Paul Taylor on December 01, 2019 · 6 mins read

Deploy a Serverless Web Delivery Infrastructure using Amazon CloudFormation

In this post, I will guide you through the steps to deploy a serverless Web Delivery Infrastructure using Amazon Web Services.

What is a Serverless Web Delivery Infrastructure?

I use Amazon Web Services for my blog, ptylr.com. I deploy it using a serverless configuration consisting of:

  • An Amazon S3 Bucket to store files;
  • Amazon CloudFront to provide edge-based caching of these files upon request;
  • AWS Lambda@Edge Functions to handle typical web-server based functions, such as generating search-optimised URIs, default documents and file restriction;
  • AWS Certificate Manager to provision and manage SSL/TLS certificates;
  • Amazon Route-53 for DNS management.

The result is a simple to manage, highly-available, highly-scalable delivery topology that is also very cost-efficient.

[Figure: Serverless Web Delivery Infrastructure Diagram]

How Do I Deploy a Serverless Web Delivery Infrastructure?

To deploy and maintain the infrastructure for ptylr.com, I use AWS CloudFormation.

Per Amazon themselves (https://aws.amazon.com/cloudformation/),

AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

Could I manage a Serverless Web Delivery Infrastructure without using CloudFormation?

Yes, of course. You could configure each of the Amazon Services separately via the AWS CLI or Console. However, CloudFormation is designed to take all the management effort away from you. It will automatically stand up all of the infrastructure that you need, update it whenever you change the configuration and ultimately decommission it when no longer required. What’s more, there’s no additional charge for using CloudFormation - you pay only for the resources that it provisions.

What are the Steps to Deploy a Serverless Web Delivery Infrastructure, using AWS CloudFormation?

1) Visit the Amazon Web Services Console at https://console.aws.amazon.com/cloudformation/ and choose Create Stack > With new resources (standard).

[Figure: CloudFormation > Create Stack]

2) Under “Prerequisite - Prepare template”, select Template is ready and choose Amazon S3 URL in “Template Source”. Enter the location of the CloudFormation Template that you want to use. You are welcome to use mine, which will create the Serverless Web Delivery Infrastructure in the diagram above (https://cloudformation-ptylr-com.s3.amazonaws.com/AWS-Serverless.yaml), then click Next.

[Figure: CloudFormation > Select Template]

3) Complete the following details and then click Next:

  • Stack Name - Give the Stack a memorable name - I normally use the FQDN and replace the dots with hyphens;
  • AcmCertificateArn - The ARN of the AWS Certificate Manager certificate that has a SAN for your FQDN. Note: If your certificate does not have a SAN for your FQDN, CloudFormation will terminate with an error;
  • FQDN

[Figure: CloudFormation > Select Stack Details]

4) The next screen (“Configure stack options”) allows you to configure properties on the Stack that you might want. I do not change the defaults and simply click Next.

[Figure: CloudFormation > Configure Stack Options]

5) Now review the deployment configuration that CloudFormation will build. You will need to check the box to confirm that “I acknowledge that AWS CloudFormation might create IAM resources.” Once done, click Create Stack.

[Figure: CloudFormation > Confirm]

6) Sit back and relax while CloudFormation builds your Stack, provisioning Amazon S3, CloudFront, IAM Roles, Bucket Policies, Lambda Functions and CloudFront Behaviors.

[Figure: CloudFormation > Building]

Once your Stack has been provisioned, which will normally take around 15 minutes or so, you will be able to assign DNS Records to your CloudFront Distribution, upload some content into the S3 Bucket and start serving your content.
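The parameter rules from step 3 can be checked before the stack is created. The following is an added example, not part of the original post or its template: the function names are hypothetical, the sample values in the comments are constructed, and the us-east-1 rule is CloudFront's own requirement for ACM certificates rather than something the post states.

```javascript
// Added example: pre-flight checks for the step 3 stack parameters.
// `sans` is the SubjectAlternativeNames list that ACM's DescribeCertificate
// returns for the certificate, e.g. ['example.com', '*.example.com'].

// Step 3 convention: the FQDN with dots replaced by hyphens.
function stackNameFor(fqdn) {
  return fqdn.replace(/\./g, '-');
}

// True when one SAN entry covers the FQDN. A wildcard matches exactly one
// left-most label: *.example.com covers www.example.com, but neither
// example.com nor a.b.example.com.
function sanCovers(san, fqdn) {
  const s = san.toLowerCase();
  const f = fqdn.toLowerCase();
  if (!s.startsWith('*.')) return s === f;
  const dot = f.indexOf('.');
  return dot > 0 && f.slice(dot) === s.slice(1);
}

// Returns a list of problems; an empty list means the parameters look usable.
function preflight({ fqdn, certArn, sans }) {
  const problems = [];
  // Stack names: letters, digits and hyphens, starting with a letter, max 128.
  if (!/^[A-Za-z][A-Za-z0-9-]{0,127}$/.test(stackNameFor(fqdn))) {
    problems.push(`"${stackNameFor(fqdn)}" is not a valid stack name`);
  }
  // ARN layout: arn:partition:acm:region:account-id:certificate/id
  const parts = certArn.split(':');
  if (parts.length !== 6 || parts[2] !== 'acm' || !parts[5].startsWith('certificate/')) {
    problems.push('AcmCertificateArn is not an ACM certificate ARN');
  } else if (parts[3] !== 'us-east-1') {
    // CloudFront only accepts ACM certificates held in us-east-1.
    problems.push(`certificate is in ${parts[3]}, CloudFront needs us-east-1`);
  }
  // The failure the post warns about: no SAN for the FQDN.
  if (!sans.some((san) => sanCovers(san, fqdn))) {
    problems.push(`no SAN on the certificate covers ${fqdn}`);
  }
  return problems;
}
```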

EdgeServices (Optional Configuration)

To assist, we have automatically deployed a pair of AWS Lambda@Edge Functions, designed to perform a number of roles normally associated with traditional web servers. A previous post discussed what these are used for - see https://ptylr.com/edgeservices-a-pair-of-lambda-at-edge-functions-for-executing-common-operations-on-request/.

EdgeServices is designed to replace functionality traditionally managed within web.config, web.xml or .htaccess files with a single JSON file, located within the root of an Amazon S3 Bucket (the origin). It consists of a pair of AWS Lambda Functions, written in Node.js, which can be deployed to Lambda@Edge to support edge-node execution, ensuring high performance globally. The Lambda@Edge Functions are designed to execute upon both “Origin Request” and “Origin Response” Amazon CloudFront Behaviors, allowing the result to be cached for future requests, adding to the edge-based execution performance benefits.

Harness EdgeServices to:

  • Set a Default Document;
  • Restrict access to an entire site or path, using HTTP 401 Authentication;
  • Deny access to an entire site or path;
  • Perform HTTP 301 and 302 redirects;
  • Perform complex rewriting functions (similar to mod_rewrite);
  • Handle custom error pages and behaviours;
  • Manage HTTP Headers.

[Figure: EdgeServices Sequence Diagram]

Configuration instructions are in the EdgeServices GitHub public repository, along with the source code, which is available under the MIT License. See https://github.com/ptylr/Lambda-at-Edge/tree/master/EdgeServices/.
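To show what an Origin Request / Origin Response pair does for three of the roles listed above (default document, path denial, header management), here is an added sketch that is not the EdgeServices source. The RULES object and its keys are hypothetical stand-ins for the JSON file in the bucket root, and the function names are invented for illustration.

```javascript
// Added example, not the EdgeServices code. RULES and its keys are invented.
const RULES = {
  defaultDocument: 'index.html',
  denyPrefixes: ['/private/', '/.git/'],
  responseHeaders: {
    'Strict-Transport-Security': 'max-age=31536000',
    'X-Content-Type-Options': 'nosniff',
  },
};

// Origin Request: runs on a cache miss, before CloudFront contacts S3.
// Returning a response object instead of the request skips the origin fetch.
function onOriginRequest(request, rules = RULES) {
  let path;
  try {
    // Compare the decoded path so a percent-encoded character in a denied
    // prefix is still matched; malformed encodings are rejected outright.
    path = decodeURIComponent(request.uri);
  } catch (e) {
    return { status: '400', statusDescription: 'Bad Request' };
  }
  if (rules.denyPrefixes.some((prefix) => path.startsWith(prefix))) {
    return { status: '403', statusDescription: 'Forbidden', body: 'Forbidden' };
  }
  // Default document: map a directory-style URI onto an object key.
  if (request.uri.endsWith('/')) request.uri += rules.defaultDocument;
  return request;
}

// Origin Response: headers are set once and cached along with the object.
function onOriginResponse(response, rules = RULES) {
  for (const [name, value] of Object.entries(rules.responseHeaders)) {
    // Lambda@Edge header shape: lower-case key -> [{ key, value }]
    response.headers[name.toLowerCase()] = [{ key: name, value }];
  }
  return response;
}

// Lambda entry points, one per function; each reads the CloudFront event.
const originRequestHandler = async (event) =>
  onOriginRequest(event.Records[0].cf.request);
const originResponseHandler = async (event) =>
  onOriginResponse(event.Records[0].cf.response);
```

Because both functions run at the origin-facing side of CloudFront, a denial or header set here is only re-evaluated on a cache miss, so changes to the rules take effect after the cached objects expire or are invalidated.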