Skip to main content
Version: 4.6.2-saas

CloudFront Agent (Functions)

Overview

Seamlessly integrated with NetFUNNEL in the AWS CloudFront Functions environment, the agent controls the queue in real time at the frontline where user requests originate.

Create Function

Create Function

  • Go to CloudFront.
  • In the left side menu, click [Functions].
  • Click [Create function].
  • Enter a function name, select cloudfront-js-2.0 (default) as the runtime, and click [Create function].

Function Configuration

  • Copy and paste the agent file code into [Build] - [Function code] - [Development].
  • Click [Save changes].
  • Go to the [Test] tab, click [Test function], and check that the execution result is successful.
  • Go to the [Publish] tab and click [Publish function].

Create KeyValueStore

Create KeyValueStore

  • In the Associated KeyValueStore menu, click [Create new KeyValueStore].
  • Enter a name and click [Create].
  • In the Key value pairs menu, click [Edit].
  • Click [Add pair] and add the required values by referring to the table below.
KeyValue (example)Description
client_idstclab-0000The ID assigned to the customer by NetFUNNEL. You can find it in [NetFUNNEL Console] - [Agent] - [Edge Agent].
project_keyservice_1Enter the key of the project you want to use. You can find it in [NetFUNNEL Console] - [Project].
segment_keysegKey_1111, segKey_2222Enter the keys of all segments you want to use. The trigger priority is determined by the input order. You can find them in [NetFUNNEL Console] - [Project] - [Segment].
  • When you finish entering the values, click [Save changes], then click [Done] in the pop-up.

Associate with Function

  • In the Associated functions menu, click [Go to functions] and select the function you created above.
  • In the Associated KeyValueStore menu, click [Associate existing KeyValueStore].
  • Select the KeyValueStore you created above and click [Associate KeyValueStore].

CloudFront Configuration

Connect Functions to CloudFront

  • Select the CloudFront distribution ID to which you will apply the Function.
  • In the [Behaviors] tab, select an item and click [Edit].
  • At the bottom under Function associations, select the function you created above for Viewer request.
  • Click [Save changes].

CloudFront Invalidation

  • Go to the [Invalidations] tab and click [Create invalidation].
  • Enter /* in Object paths and click [Create invalidation].
  • When invalidation completes, the Functions association will be applied to CloudFront.

KeyValueStore Configuration

Because CloudFront Function cannot communicate externally, the trigger rules, entry pass, and entry key invalidation features provided in [NetFUNNEL Console] - [Segment] can be used through KeyValueStore (KVS).

In addition, agent-provided features such as trigger time, Good Bot exception, entry key auto-return, waiting room domain change (CNAME), and cookie domain configuration can be used through KVS.

Trigger Rules

Define the page conditions (URL, Domain, Path) where waiting is applied for each segment.

Configuration Format

KeyValue
{segment_key}:trigger:{component}:{match}Full or partial URL (e.g. stclab.com)

Key Parameters

For the key components {component} and {match}, enter a combination of the values below.

  • {component}: Comparison target
    • url: Based on the full URL
    • domain: Based on the domain address (e.g. netfunnel.stclab.com)
    • path: Based on the path after the domain (e.g. /shop, /login)
  • {match}: Comparison method
    • equal: When it exactly matches the entered value
    • contain: When the target contains the entered value

Configuration Examples

ScenarioKeyValue
Specific path included
(All requests where the URL path contains shop)		segKey_1111:trigger:path:containshop
Specific domain match
(All requests coming to a specific domain)		segKey_2222:trigger:domain:equalnetfunnel.stclab.com
Exact specific page match
(When it exactly matches the event page URL)		segKey_3333:trigger:url:equalhttps://netfunnel.stclab.com/event

Trigger Time

Configure this when a segment's trigger rule matches, but you want waiting to occur only at a specific time. You can configure it separately for one-time and recurring use.

info

If trigger time is not configured, users are always redirected to the waiting room.

One-Time Trigger Configuration

KeyValue
{segment_key}:trigger:{action}10-digit timestamp (e.g. 1777654300)
  • Enter start or end for {action}.
  • If only start is configured, users are always redirected to the waiting room after the time entered in Value.
  • If only end is configured, users are always redirected to the waiting room until the time entered in Value.
  • If both start and end are configured, users are redirected to the waiting room between the times entered in each Value.

Recurring Trigger Configuration - Daily

KeyValue
{segment_key}:trigger:{action}:every:dayHH:mm (e.g. 17:30)
  • Enter start or end for {action}.
  • If only start is configured, users are redirected to the waiting room from the time entered in Value until 24:00.
  • If only end is configured, users are redirected to the waiting room from 00:00 until the time entered in Value.
  • If both start and end are configured, users are redirected to the waiting room between the times entered in each Value.

Recurring Trigger Configuration - Weekly

KeyValue
{segment_key}:trigger:{action}:every:weekday1,day2:HH:mm (e.g. mon,wed,fri:17:30)
  • The rules for start and end in {action} are the same as the daily recurring configuration, so they are omitted here.
  • The first element of Value can be sun, mon, tue, wed, thu, fri, or sat, and you can enter multiple values separated by commas (,).

Timezone Configuration

Configure the timezone. Trigger times are calculated based on this setting.

info

If timezone is not configured, it defaults to 9 (Seoul, Tokyo).

KeyValue
timezone_offsetPositive or negative integer (e.g. 9 or -3)

Entry Pass Configuration

Grants a temporary pass to users who have finished waiting so they are not redirected to the waiting room for the configured duration.

info

If entry pass is not configured, the minimum value (5) is applied.

KeyValue
{segment_key}:entry_passNumber in seconds (e.g. 300)
  • The minimum Value is 5 (5 seconds), and the maximum Value is 86400 (24 hours).
  • If the entered Value is less than 5, it is adjusted to the minimum value. If it is greater than 86400, it is adjusted to the maximum value.

Entry Pass Invalidation

Forcefully terminates an entry pass even if it is still valid when the user enters at a specific time or URL. After invalidation, when the user enters a URL that matches the trigger rule, the user is redirected to the waiting room.

URL-Based Invalidation

Invalidates the entry pass when the user enters a specific URL. Waiting room redirection does not occur on the URL configured for invalidation.

KeyValue
{segment_key}:invalidate:url:{match}Full or partial URL (e.g. domain address or specific path)
  • For {match}, use equal or contain, the same as the trigger rule.

Time-Based Invalidation

Invalidates entry passes issued before a specific time. Entry passes work when users enter after the configured invalidation time.

KeyValue
{segment_key}:invalidate:time10-digit timestamp (e.g. 1777654300)

Good Bot Exception

When the User-Agent contains a Good Bot identifier keyword, the request is excluded from agent control.

KeyValue
good_botsgoodbot list (e.g. Googlebot, Bingbot, Slurp)
  • You can enter multiple good bots separated by commas (,).

Entry Key Auto-Return

The NetFUNNEL agent automatically returns the issued key after entry so the next user in line can enter. Use this feature when you want the key to be returned at the segment timeout instead of returning it immediately.

info

If entry key auto-return is not configured, it is applied as true and the key is always returned automatically.

KeyValue
return_keytrue or false

Change Waiting Room Domain

The domain of the NetFUNNEL waiting room page is agent-lib.stclab.com. To change it to your service domain, request your desired domain and also add it to the configuration.

KeyValue
vwr_page_domainProtocol and domain (e.g. https://wait.stclab.com)

The NetFUNNEL agent stores the issued key in cookies based on the current page domain after entry. To share keys across different subdomains, configure the main domain to be stored in the cookie.

info

If you need to share cookies across pages with different subdomains, such as netfunnel.stclab.com and botmanager.stclab.com, set it to .stclab.com.

KeyValue
cookie_domain.main domain (e.g. .stclab.com)

title: CloudFront Agent keywords: [NetFUNNEL, CloudFront, agent, Lambda@Edge, integration, traffic control, queue management, waiting room, CDN, AWS] description: Seamlessly integrated with NetFUNNEL in the AWS CloudFront Lambda@Edge environment, the agent controls the queue in real time at the frontline where user requests originate.

Overview

Seamlessly integrated with NetFUNNEL in the AWS CloudFront Lambda@Edge environment, the agent controls the queue in real time at the frontline where user requests originate.

IAM Configuration

Create IAM Role

  • Go to the IAM console in AWS.
  • Click [Roles], then click [Create role].
  • Select AWS service as the trusted entity and choose Lambda as the use case.
  • Click [Next: Permissions].

Trust Entity Configuration

  • After creating the role, go to the [Trust Entity] tab.
  • Edit the Trust Entity and paste the JSON below.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "edgelambda.amazonaws.com",
          "lambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Attach Policy

  • Go to the role's [Permissions] tab.
  • Click [Add permissions], then click [Create inline policy].
  • Paste the policy below in the JSON tab. (This policy allows the Lambda function to create and write CloudWatch logs.)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

Create Lambda Function

warning

The Lambda function must be created in the us-east-1 (N. Virginia) region. This is an AWS requirement; this region serves as the central location for replicating the function globally.

  • Go to the Lambda console in the us-east-1 region.
  • Click [Create function].
  • Select [Author from scratch].
  • Enter a name for the function (e.g. "netfunnel-agent").
  • Select Node.js as the runtime.
  • In Step 1, select the IAM role you created above.
  • Click [Create function].

Lambda Function Configuration

  • In the [Code] tab, add the agent file to the code source.
  • Open the index.mjs file and add the following code.
info

You can find CLIENT_ID in the NetFUNNEL console.

import handleEvent from './{AGENT_FILE_NAME}';
const config = {
  clientID: "{{CLIENT_ID}}",
}
export const handler = async (event) => {
  return await handleEvent(event, config)
};
  • Create a package.json file and paste the following code.
{
    "name": "cloudfront-agent",
    "type": "module",
    "dependencies": {}
}
  • When finished, click the [Deploy] button.
  • Go to the [Versions] tab and click [Publish new version].

CloudFront Configuration

Connect Lambda@Edge to CloudFront

  • Select the CloudFront distribution ID to which you will apply Lambda@Edge.
  • In the [Behaviors] tab, select an item and click [Edit].
  • At the bottom under Function associations, enter the ARN of the Lambda function you created for Viewer request and Viewer response. Be sure to include the version suffix (e.g. add :1 if the version is 1).
  • Click [Save changes].

CloudFront Invalidation

  • Go to the [Invalidations] tab and click [Create invalidation].
  • Enter /* in Object paths and click [Create invalidation].
  • When invalidation completes, the Lambda@Edge association will be applied to CloudFront.

Additional Features

Good Bot Exception

When the User-Agent contains a Good Bot identifier keyword, the request is excluded from agent control.

Lambda Configuration

  • Open the Lambda function with the NetFUNNEL agent applied.
  • Open the index.mjs file.
  • Add the User-Agent values of the good bots you want to include to the goodBots array in the config object, as shown below.
info

Example code that excludes Google, Microsoft, Yahoo, Apple, and Facebook bots.

const config = {
  ...
  goodBots: ["Googlebot", "Bingbot", "Slurp", "Applebot", "facebookexternalhit"],
}
  • When finished, click the [Deploy] button.
  • Go to the [Versions] tab, click [Publish new version], and update the version.

CloudFront Configuration

  • Select the CloudFront distribution ID with Lambda@Edge applied.
  • In the [Behaviors] tab, select an item and click [Edit].
  • Under Function associations at the bottom, update Viewer request and Viewer response to the new version.
  • Click [Save changes].

Entry Key Auto-Return

The NetFUNNEL agent automatically returns the issued key after entry so the next user in line can enter. Use this feature when you want the key to be returned at the segment timeout instead of returning it immediately.

Lambda Configuration

  • Open the Lambda function with the NetFUNNEL agent applied.
  • Open the index.mjs file.
  • Set the returnKey property in the config object to enable or disable entry key auto-return, as shown below.
const config = {
  ...
  returnKey: true,
}
info

When set to true (default), the agent automatically returns the NetFUNNEL key when the user enters after waiting. When set to false, the key is returned at the timeout configured in the segment.

  • When finished, click the [Deploy] button.
  • Go to the [Versions] tab, click [Publish new version], and update the version.

CloudFront Configuration

  • Select the CloudFront distribution ID with Lambda@Edge applied.
  • In the [Behaviors] tab, select an item and click [Edit].
  • Under Function associations at the bottom, update Viewer request and Viewer response to the new version.
  • Click [Save changes].

Change Waiting Room Domain

The domain of the NetFUNNEL waiting room page is agent-lib.stclab.com. To change it to your service domain, request your desired domain and also add it to the configuration.

Lambda Configuration

  • Open the Lambda function applied to viewer-request.
  • Open the index.mjs file.
  • Set the vwrPageDomain property in the config object to the waiting room URL you want to use.
info

Example code that changes the waiting room domain to wait.stclab.com.

const config = {
  ...
  vwrPageDomain: "https://wait.stclab.com",
}
  • When finished, click the [Deploy] button.
  • Go to the [Versions] tab, click [Publish new version], and update the version.

CloudFront Configuration

  • Select the CloudFront distribution ID with Lambda@Edge applied.
  • In the [Behaviors] tab, select an item and click [Edit].
  • Under Function associations at the bottom, update Viewer request and Viewer response to the new version.
  • Click [Save changes].

The NetFUNNEL agent stores the issued key in cookies based on the current page domain after entry. To share keys across different subdomains, configure the main domain to be stored in the cookie.

info

Set to .stclab.com so that cookies are shared across pages with different subdomains, such as netfunnel.stclab.com and botmanager.stclab.com.

Lambda Configuration

  • Open the Lambda function applied to viewer-request.
  • Open the index.mjs file.
  • Set the cookieDomain property in the config object in the format .MAIN_DOMAIN, as shown below.
info

Example code that sets the cookie domain to .stclab.com.

const config = {
  ...
  cookieDomain: ".stclab.com",
}
  • When finished, click the [Deploy] button.
  • Go to the [Versions] tab, click [Publish new version], and update the version.

CloudFront Configuration

  • Select the CloudFront distribution ID with Lambda@Edge applied.
  • In the [Behaviors] tab, select an item and click [Edit].
  • Under Function associations at the bottom, update Viewer request and Viewer response to the new version.
  • Click [Save changes].