Version: 4.6.1-saas

Installation and Initialization

This guide explains the installation and initialization process for NetFUNNEL CloudFront agent.

Step 1: Get Client ID

Go to NetFUNNEL console
Click the profile icon in the top right
Select Integration Credentials menu
Copy Client ID

Client ID Location

You can find it in the Integration Credentials menu after clicking the profile icon in the top right of the console screen.

Step 2: IAM Setup

Create IAM Role

AWS IAM console → Click [Roles]
Click [Create role]
Trusted entity: Select AWS service
Use case: Select Lambda
Click [Next: Permissions]

Configure Trust Entity

After creating the role, click [Trust Entity] tab
Edit Trust Entity and paste the following JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "edgelambda.amazonaws.com",
          "lambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Attach Policy

Click [Permissions] tab
[Add permissions] → Click [Create inline policy]
Paste the following policy in the JSON tab (allows Lambda function to create and write CloudWatch logs):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

Step 3: Create Lambda Function

Region Selection

Lambda function must be created in the us-east-1 (N. Virginia) region. This is an AWS requirement, as this region serves as the central location for replicating functions globally.

Create Lambda Function

Go to Lambda console in us-east-1 region
Click [Create function]
Select [Author from scratch]
Enter function name (e.g., "netfunnel-agent")
Runtime: Select Node.js
Select the IAM role created above
Click [Create function]

Configure Lambda Function

Download netfunnel-cloudfront-agent.js file from https://agent-lib.stclab.com/agents/cdn/cloudfront/netfunnel-cloudfront-agent-latest.js
Upload netfunnel-cloudfront-agent.js file to code source in [Code] tab
Open index.mjs file and write the following code:

import handleEvent from './netfunnel-cloudfront-agent.js';
const config = {
  clientID: "{{CLIENT_ID}}",
}
export const handler = async (event) => {
  return await handleEvent(event, config)
};

Check CLIENT_ID in the NetFUNNEL console.

Create package.json file and paste the following code:

{
    "name": "cloudfront-agent",
    "type": "module",
    "dependencies": {}
}

Click [Deploy] button
[Versions] tab → Click [Publish new version]

Step 4: CloudFront Configuration

Connect Lambda@Edge

Select CloudFront Distribution to apply Lambda@Edge
Select an item in [Behaviors] tab and click [Edit]
In Function associations at the bottom:
- Viewer request: Enter the created Lambda function ARN (including version, e.g., :1)
- Viewer response: Enter the created Lambda function ARN (including version, e.g., :1)
Click [Save changes]

CloudFront Invalidation

Click [Invalidations] tab
Click [Create invalidation]
Object paths: Enter /*
Click [Create invalidation]
After invalidation is complete, Lambda@Edge connection will be applied to CloudFront

Next Steps

Initialization Settings: Lambda config and additional feature configuration
Troubleshooting: Common issues and solutions

Step 1: Get Client ID​

Step 2: IAM Setup​

Create IAM Role​

Configure Trust Entity​

Attach Policy​

Step 3: Create Lambda Function​

Create Lambda Function​

Configure Lambda Function​

Step 4: CloudFront Configuration​

Connect Lambda@Edge​

CloudFront Invalidation​

Next Steps​