By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can OAC sign POST requests to cloudfront with a function URL behind?

0

I’ve set up a function url to respond to a webhook which works when I point the webhook at the url and the AUTH_TYPE is set to NONE.

When I add a cloud front distribution with the correct permissions (and OAC that is setup to sign all requests) in front and call the distribution URL using a GET request everything is good.

However when I make a POST request (with data in the body of the request) I get an InvalidSignatureException.

I thought that OAC would sign requests? Or can it not handle POST requests?

Should/Can I use a Lambda@Edge to sign the request “in transit”?

Topics
ServerlessComputeNetworking & Content Delivery
Tags
AWS LambdaAmazon CloudFrontLambda@Edge
Language
English
Piers Karsenbarg
asked 15 days ago292 views
1 Answer
2

Hello.

Judging from the answer at the URL below, it seems that the problem can be resolved by signing using something like Lambda@Edge or by including the "x-Amz-Content-Sha256" header containing the hash of the payload in the request.
https://repost.aws/ja/questions/QUbHCI9AfyRdaUPCCo_3XKMQ/lambda-function-url-behind-cloudfront-invalidsignatureexception-only-on-post

profile picture
EXPERT
Riku_Kobayashi
answered 15 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 15 days ago
  • Piers Karsenbarg
    15 days ago

    That's what I thought but that was from a couple of months ago so I thought I'd check to see if anything had changed since.

  • Riku_Kobayashi EXPERT
    15 days ago

    I also tried a POST request, but it resulted in an error, so I think it probably hasn't been changed.

Relevant content