nickshine/lambda-edge-azure-auth

Maximum allowed size for functions

Opened this issue · 7 comments

Hi,

com.amazonaws.services.cloudfront.model.InvalidLambdaFunctionAssociationException: The function code size is larger than the maximum allowed size for functions that are triggered by a CloudFront event

I am getting this error following this guide (Step 2.ii): https://github.com/Widen/cloudfront-auth/wiki/Manual-Deployment. It seems the lambda zip it creates when I run ./build.sh is too large.

I read up on the quotas, it seems like the 1MB is being exceeded for viewer requests: https://imgur.com/a/pSuzrFg

Did I do something wrong or is this normal? I'm trying to set up a lambda edge function with my CloudFront distribution to authenticate with Azure AD.

Changing the build script to
npm install --only=production && cd build && npm install --only=production && cd .. && node build/build.js

worked so far :) but I had to manually copy some files to the .zip file that is required.

> worked so far :) but I had to manually copy some files to the .zip file that is required.

What files did you need to manually copy?

Hey @jonasgroendahl @loadfix, so the way I use this currently is via its counterpart Terraform module, which pulls in the zip and adds in the config necessary for the lambda@edge function to work.

> > worked so far :) but I had to manually copy some files to the .zip file that is required.
>
> What files did you need to manually copy?

In my case I only had to add the simpleurl.js file to the .zip file.
I changed the build/build.js file like this (line 105):

writeConfig(config, zip, ['config.json', 'index.js', 'auth.js', 'nonce.js', 'simpleurl.js']);

This seems to do the trick...

Remember to remove the node_modules and build/node_modules directories, or you will still get the full-sized zip file (28MB in my case).

@guizy67 looks like I missed that as I use a different method to build the zip for release:

https://github.com/nickshine/lambda-edge-azure-auth/blob/master/package.sh#L9-L20

For the released zip, you only have to add in your config.json, everything else should be good.

I'll put in a fix for the build.js script though, thanks!

For anyone else running into a build issue on Windows 10, here are the steps that worked for me:

  1. Install "zip" utility in Git bash (MinGW64). (See addendum to this comment for instructions)
  2. Run the build.sh script from a Git bash shell and put in your CloudFront info and AD tenant info.
  3. Open the zip file generated in the distribution folder, and delete node_modules from it
  4. Run command "npm prune --production"
  5. Copy folder node_modules into the zip file.
  6. Copy file "simpleurl.js" into the zip file.
  7. Upload Zip file to AWS Lambda. Final zip file size came out to around 560kb... big difference from original 26mb size.

Addendum: Installing zip CLI on Windows
https://stackoverflow.com/questions/38782928/how-to-add-man-and-zip-to-git-bash-installation-on-windows
Navigate to this sourceforge page

Top answer copy/paste:
Download zip-3.0-bin.zip
In the zipped file, in the bin folder, find the file zip.exe.
Extract the file zip.exe to your mingw64 bin folder (for me: C:\Program Files\Git\mingw64\bin)
Navigate to this sourceforge page
Download bzip2-1.0.5-bin.zip
In the zipped file, in the bin folder, find the file bzip2.dll
Extract bzip2.dll to your mingw64\bin folder (same folder as above: C:\Program Files\Git\mingw64\bin)

Update: I was able to get this Lambda function deployed but it never worked right for my setup; it gets stuck in a loop and eventually fails with a 403 or 500.

In case anyone else is ending up at this point and scratching their head about what to do next, here's the approach that finally worked for me:

  1. Set up Cognito Pool with Azure AD selected as the SAML IDP. I followed this tutorial: https://aws.amazon.com/blogs/security/how-to-set-up-amazon-cognito-for-federated-authentication-using-azure-ad/
  2. Set up the "cognito-at-edge" Lambda as your CloudWatch Lambda@Edge Request handler: https://github.com/awslabs/cognito-at-edge
  3. Enjoy SSO
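
A pre-upload check for the two packaging failures discussed in this thread (a zip over the viewer-request size limit, and a file such as simpleurl.js missing from it), as an added example that is not code from this repository. It assumes the 1 MB quota means 1,048,576 bytes, takes the required file list from the writeConfig call quoted above, and uses constructed package names and sample data; `check_package` and `build_sample` are hypothetical helper names.

```python
import io
import os
import zipfile
from collections import Counter

# Assumption: the 1 MB viewer-request quota from the thread, read as 1,048,576 bytes.
VIEWER_LIMIT = 1024 * 1024
# File names from the writeConfig(...) call quoted in the thread.
REQUIRED = ["config.json", "index.js", "auth.js", "nonce.js", "simpleurl.js"]


def check_package(zip_bytes, limit=VIEWER_LIMIT):
    """Return (problems, heaviest node_modules packages) for a deployment zip."""
    problems = []
    if len(zip_bytes) > limit:
        problems.append(f"zip is {len(zip_bytes)} bytes, limit is {limit}")
    per_package = Counter()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            parts = info.filename.split("/")
            if parts[0] == "node_modules" and len(parts) > 2:
                # Scoped packages (@scope/name) span two path components.
                pkg = "/".join(parts[1:3]) if parts[1].startswith("@") else parts[1]
                per_package[pkg] += info.compress_size
    for name in REQUIRED:
        if name not in names:
            problems.append(f"missing {name}")
    return problems, per_package.most_common(3)


def build_sample(files):
    """Constructed sample input: build a zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({
        "config.json": b"{}", "index.js": b"//", "auth.js": b"//", "nonce.js": b"//",
        "node_modules/@scope/prod-dep/index.js": b"//",  # constructed names
        "node_modules/dev-only-tool/big.bin": os.urandom(2 * 1024 * 1024),
    })
    problems, heaviest = check_package(sample)
    print(problems)   # size and missing-file findings
    print(heaviest)   # compressed bytes per node_modules package, largest first
```

For a zip on disk, pass `open(path, "rb").read()` as `zip_bytes`; the per-package totals show which dependency to prune when the size check fails.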