1 Answer
POST methods require signing.
As per "Restricting access to an AWS Lambda function URL origin":
If you use PUT or POST methods with your Lambda function URL, your user must provide a signed payload to CloudFront. Lambda doesn't support unsigned payloads.
@Mike, thank you for the answer! That will explain what I am seeing. Excuse my misunderstanding, but does that mean the end user needs to sign the payload following SigV4? How does this work with CloudFront's OAC, what credentials would the end user use? I was under the impression it would do the signing for us, essentially proxying the request.
@Braiden, OAC signs requests to the Lambda function URL, just not for POST/PUT requests currently. If you need POST without end-user signing, a possible solution is to sign them using Lambda@Edge as per https://aws.amazon.com/blogs/compute/protecting-an-aws-lambda-function-url-with-amazon-cloudfront-and-lambdaedge/
@Mike_L not sure if this is intended, but all I had to do to get this to work was include an "x-Amz-Content-Sha256" header with the hash of the payload in my request. That made it work, with auth still enabled on the Lambda URL. Weird but... nice!
Adding the X-Amz-Content-Sha256 header also worked for me, but it's really unfortunate that CF isn't able to just add the hash dynamically for you. Are there plans for OACs to also support POST/PUT requests?
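The workaround the commenters describe, as an added example that is not part of the original thread: the client hashes the exact request body and sends the hex digest in the x-amz-content-sha256 header. The CloudFront URL is a placeholder and the function names are hypothetical.

```python
import hashlib
import json
import urllib.request

# Placeholder distribution URL (assumption, not from the thread).
CLOUDFRONT_URL = "https://EXAMPLE.cloudfront.net/items"
HASH_HEADER = "x-amz-content-sha256"


def payload_sha256(body: bytes) -> str:
    """Lowercase hex SHA-256 of the exact bytes that go on the wire."""
    return hashlib.sha256(body).hexdigest()


def prepare_post(payload: dict) -> tuple[bytes, dict]:
    """Serialize once, then hash those same bytes.

    Hashing a second serialization (different whitespace or key order)
    yields a digest that no longer describes the body actually sent.
    """
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        HASH_HEADER: payload_sha256(body),
    }
    return body, headers


def hash_matches(body: bytes, headers: dict) -> bool:
    """Debug check: does the declared digest describe this body?

    Useful when an HTTP client, proxy or middleware may re-encode the body
    after the header was computed.
    """
    return headers.get(HASH_HEADER, "").lower() == payload_sha256(body)


def send(url: str, payload: dict, timeout: float = 10.0) -> tuple[int, bytes]:
    """POST through CloudFront with the payload hash header attached."""
    body, headers = prepare_post(payload)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Constructed sample payload; nothing is sent over the network here.
    body, headers = prepare_post({"name": "widget", "qty": 2})
    print(headers[HASH_HEADER], hash_matches(body, headers))
```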