by ignoramous 2307 days ago
> I would simply trigger a Lambda function once a minute (or every X minutes) using CloudWatch to fetch the latest articles and save them to an S3 bucket which I would expose and cache using CloudFront or any other CDN service.

Lot of upsides to this design, and this pretty much outlines a toned-down version of a very large, high-throughput, low-latency globally distributed configuration system with strict write-ordering but near-realtime write-propagation guarantees a sister team worked on (though, I hear, they're redesigning it for reasons not relevant in this context). There is much to like about it.

Fetching items from S3 (fronted by a CDN or not) would require managing credentials at the client-side, though? Do-able but may require additional code for an auth-service (AWS Cognito or AWS STS or...)?

1 comments

There are many different ways to do it.

You can simply whitelist the IP addresses of the CDN (many of them provide them in their documentation or provide an API for it) in your bucket policy. It’s important to schedule a Lambda to run every now and then to check whether there are changes to the IP addresses and update the policy accordingly.

Another way would be to set a custom header with a token on the CDN to be sent in requests to the origin, which you can, again, whitelist in your bucket policy.
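
The scheduled allowlist refresh described in the reply above, sketched as an added example that is not part of the thread: it builds the bucket policy from a CDN's published ranges and reports whether the stored policy has drifted. The bucket name, the statement `Sid` and the CIDR ranges are constructed placeholders; fetching the CDN's list and writing the result back (for instance with boto3's `put_bucket_policy`) are assumed to happen in the Lambda handler around these functions.

```python
import ipaddress
import json

SID = "AllowCdnEdgeRead"  # hypothetical statement id owned by this job

def normalize(cidrs):
    """Validate, canonicalize and collapse CIDRs so comparisons are stable."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]
    out = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        out += [str(n) for n in ipaddress.collapse_addresses(same)]
    return out

def build_policy(bucket, cidrs):
    allowed = normalize(cidrs)
    if not allowed:
        # A failed or empty fetch must not replace a working allowlist.
        raise ValueError("refusing to write a policy with an empty allowlist")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": SID,
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": allowed}},
        }],
    }

def current_cidrs(policy):
    """Extract the ranges currently allowed by the job's own statement."""
    for st in policy.get("Statement", []):
        if st.get("Sid") == SID:
            v = st["Condition"]["IpAddress"]["aws:SourceIp"]
            return normalize([v] if isinstance(v, str) else v)
    return []

def plan_update(current_policy_json, bucket, published_cidrs):
    """Return (new_policy or None if unchanged, added, removed)."""
    old = set(current_cidrs(json.loads(current_policy_json))) if current_policy_json else set()
    new_policy = build_policy(bucket, published_cidrs)
    new = set(new_policy["Statement"][0]["Condition"]["IpAddress"]["aws:SourceIp"])
    if old == new:
        return None, [], []
    return new_policy, sorted(new - old), sorted(old - new)
```

Logging the `added` and `removed` lists on each run gives an audit trail of when the origin's exposure changed and why.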