Unable to add cloudfront as trigger to lambda function

Dayo Choul picture Dayo Choul · May 24, 2018 · Viewed 14.9k times · Source

Hi I've followed this instruction try to resize image with Cloudfront and lambda@edge. When I tried to test the resized image, I keep getting the error message below:

The Lambda function associated with the CloudFront distribution is invalid or doesn't have the required permissions.

So I checked the lambda functions created by cloud formation provided by the article I mentioned in the beginning, and I found there's no trigger in it.

enter image description here

I've tried to set it manually but getting the error message below:

CloudFront events cannot be associated with $LATEST or Alias. Choose Actions to publish a new version of your function, and then retry association.

I followed the instruction in the error message; publish, and add Cloudfront as trigger but it seems there's no way to apply it. It's still running the one without Cloudfront as the trigger.

How can I apply this version as my lambda service?

Is there any way to set Cloudfront as trigger and make this work properly?

Answer

CloudNinja picture CloudNinja · May 12, 2020

For people Googling "The Lambda function associated with the CloudFront distribution is invalid or doesn't have the required permissions":

I got that error and struggled to debug it. It turned out there were some programmatic errors inside my Lambda that I had to resolve. But, how do you debug it if, when hitting Cloudfront you keep getting "The Lambda function associated with the CloudFront distribution is invalid or doesn't have the required permissions". That, and there's nothing inside the Cloudwatch logs.

My Lambda was defined in Cloudformation inside a AWS::Lambda::Function's ZipFile attribute. I ended up going to the Lambda service inside AWS and creating a Lambda test payload corresponding to my Cloudfront event as documented here: Lambda@Edge Event Structure. Then, I could debug the Lambda inside the Lambda console without having to hit Cloudfront or having to navigate to Cloudwatch logs.