Amazon CloudFront
Developer Guide (API Version 2016-09-29)

Requirements and Restrictions on Lambda Functions

Note the following requirements and restrictions on using Lambda functions with CloudFront:

CloudFront Distributions and Associations
  • You can create triggers (associations) for Lambda functions for a maximum of 25 distributions per AWS account.

  • You can create a maximum of 100 triggers (associations) for a distribution.

CloudFront Triggers for Lambda Functions
  • You can add triggers only for a numbered version, not for $LATEST or for aliases.

  • You can add triggers only for functions in the US East (N. Virginia) Region.

  • To add triggers, the IAM execution role associated with your Lambda function must be assumable by the service principals and For more information, see Setting IAM Permissions and Roles for Lambda@Edge in the IAM User Guide.

CloudWatch Logs

For information about Amazon CloudWatch Logs limits, see CloudWatch Logs Limits in the Amazon CloudWatch User Guide.

HTTP Status Codes

CloudFront doesn't execute Lambda functions for origin response and viewer response events if the origin returns HTTP status code 400 or higher.

Lambda Function Configuration and Execution Environment
  • You must create functions with the nodejs6.10 runtime property.

  • A function can use a maximum of 128 MB of memory.

  • You can't configure your Lambda function to access resources inside your VPC.

  • The maximum execution timeout for CloudFront origin request and origin response events is 3 seconds.

  • The maximum execution timeout for CloudFront viewer request events and viewer response events is 1 second.

  • Lambda limits apply, including the limit on concurrent executions. For more information, see AWS Lambda Limits in the AWS Lambda Developer Guide.

  • The Dead Letter Queue (DLQ) isn't supported.

  • The size of the code and associated libraries that you can upload for a function is limited to 1 MB. You can compress the deployment package using .zip format; a compressed package is limited to 1 MB in compressed format.

  • Environment variables aren't supported.

Microsoft Smooth Streaming

You can't create triggers for a CloudFront distribution that you're using for on-demand streaming of media files that you've transcoded into the Microsoft Smooth Streaming format.

Network Access

A function can make network calls to services in AWS regions such as S3 buckets, DynamoDB tables, or EC2 instances.

We recommend that you don't make network calls for viewer request and viewer response events. Network calls for these events can significantly increase latency for viewers.

Response Size Limits

The maximum size of a response that is generated by a Lambda function (including the headers and body) depends on the event that triggered the function:

  • Viewer request events – 40 KB

  • Origin request events – 256 KB

If the response is larger than the allowed size, CloudFront returns an HTTP 502 status code (Bad Gateway) to the viewer.


If a function changes the URI for a request, that doesn't change the cache behavior for the request or the origin that the request is forwarded to.