Manual Deployment

1. Upload cloudfront-auth.zip to Lambda using the AWS Console:

   1. Choose Create function
   2. Choose Blueprints
      • Search and select cloudfront-http-redirect
      • Enter Name (e.g. My_Site_Cloudfront_Auth)
      • Select Create new role from Templates as the Role
      • Enter Role Name (e.g. Lambda_At_Edge_Cloudfront)
      • Add the role policy template Basic Edge Lambda Permissions
      • Click Create function
   3. Choose Upload a .ZIP file under the Function code header and Code entry type field
      • Click Upload and choose your generated cloudfront-auth.zip file
      • Set Timeout under Basic Settings to be 5 seconds
      • Click Save
   4. Choose Publish new version under the Actions button
      • Enter a version description (e.g. v1)
   5. Copy the ARN value (required to be your published versioned) from the top-right: arn:aws:lambda:us-east-1:9999999999:function:my-site-cloudfront-auth:1

2. Configure CloudFront to use the Lambda function upon viewer request:

   1. Choose the Behaviors tab for your CloudFront distribution, mark the checkbox for the origin, choose Edit
   2. Under Lambda Function Associations
      • Select Viewer Request for the Event Type
      • Enter the Lambda ARN value (e.g. arn:aws:lambda:us-east-1:9999999999:function:my-site-cloudfront-auth:1)
      • Save
   3. It may take Cloudfront up to 20 minutes to fully configure the distribution. You may receive strange errors while the distribution is still updating.
   4. When fully deployed, your browser will be redirected to your authentication provider as necessary! Enjoy!