THIS GIST HAS BEEN DEPRECATED
AWS introduced CloudFront Functions as an alternative (but not replacement) to Lambda@Edge functions. Both have their pros and cons but for naked-domain-to-www redirection a CloudFront Function is a better choice. Please see Naked Redirector CloudFront Function for an implementation example.
Intended to run on CloudFront as Lambda@Edge, naked redirector checks the incoming hostname and if it is naked, e.g. somedomain.com and not www.somedomain.com, it will redirect to the www subdomain with preserved path and query string variables.
- Install Dependencies for This Service
- Configure AWS Certificate Manager (ACM)
- Deploy This Service
- Configure CloudFront
- Configure Route53
- Useful Information
There are no dependencies for this service
- Create a certificate in us-east-1 for somedomain.com and include *.somedomain.com as an additional domain. This certificate will not only cover somedomain.com and www.somedomain.com but any other subdomains you may wish to add later.
- Open the AWS Lambda console. Ensure the region is set to
us-east-1
as AWS does not support @Edge functions in other regions. - Create a new function
- Copy and paste the contents of index.js from this gist to the new function
- Edit the domain placeholders with your own
- See the following note regarding IAM role trust policy
- Create the distro
- Add www.somedomain.com and somedomain.com as CNAMEs
- Select the new ACM certificate
- Navigate to the behaviour tab and add a new "viewer request" Lambda@Edge function specifying the ARN for the one you created above.
- Create an A record for www.somedomain.com that is an alias to the CloudFront distribution
- Create an A record for somedomain.com that is an alias to the CloudFront distribution
This is a very trivial, albeit extremely useful, Lambda@Edge function. It is triggered by CloudFront for every viewer request made. It simply checks the incoming hostname to ensure it is referencing the www subdomain (e.g. www.somedomain.com) and lets the request continue on to be handled by CloudFront normally. If the hostname happens to be the naked domain (e.g. somedomain.com) then the request is 301 redirected to https://www.somedomain.com. As an added bonus, it redirects for both http and https as it does not check the protocol for naked domains.
One minor "gotcha" to be aware of is that @Edge Lambda functions require some additional permissions beyond typical AWS FaaS, namely lambda.amazonaws.com
and edgelambda.amazonaws.com
. This Lambda@Edge is currently configured to use a custom IAM role nakedRedirectorRole
whose trust relationship policy document looks like:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["lambda.amazonaws.com", "edgelambda.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}