Logging RequestId in from Lambda#Edge in CloudWatch - amazon-cloudfront

I am working on a set of Lambda#Edge and trying to setup some audit logging. When the events end up in CloudWatch, I can see the START and END events are logging a RequestId, which appears to be a UUID. In the event I receive in the Lambda code, there is a requestId in Records[0].cf.config.requestId. The documentation says the requestId is
An encrypted string that uniquely identifies a viewer-to-CloudFront
request. The requestId value also appears in CloudFront access logs as
x-edge-request-id.
But it doesn't say how it's encrypted.
Is this requestId in the event the same RequestId I am seeing logged from CF in those START/END event logs?
How can I get the RequestId such that I can log it w/ my audit logs so we can more easily group the log events together?
Is there a reason it's encrypted if it's already logged in CW?
Is it bad practice to decrypt that value and log it?

Related

Reading Custom Headers on Lambda Edge request

I am using a Lambda Edge triggered by viewer-request to control access to a Cloudfront Distribution Origin (S3 Bucket). I want to allow/deny access to the distribution by sending an IdToken and a UID (user ID) string.
My code basically decodes the IdToken and reads a decodedUID inside it, then compares it to the UID passed as a header and if they match or not it allows/deny access to the Origin
I am using SAM to deploy all of this, when I test this code locally it works as it should but when I deploy the changes to AWS one of the two headers is not being received by the lambda
I am sending two headers with each request to the Cloudfront Distribution
Authorization
UID
But the UID Header is never reaching the lambda edge in the event
I am using Nodejs14.x as runtime, when I run console.log(request.headers) I see the Authorization header with the token but not the UID
Does someone know why is this happening and how can I fix it?
I managed to send the UID value as a query parameter but that solution is not fitting to what I need

Is there a way to get the status of an Event Grid trigger for azure function (Complete /Pending or Running)

by Httptrigger Azure function, if you send a POST request you receive something like this as a response:
{
"id": "66ee5d08196874aeb99c9e62ddc7b190",
"statusQueryGetUri": "https://asynchttpfunction.azurewebsites.net/runtime/webhooks/durabletask/instances/66ee5d08196945aeb44c9e62ddc7b190?taskHub=Orchestration&connection=Storage&code=FSVfJyGODSeKHPO0cM8Po9e1jMT7MghVMGuJqTaGTN56E1RUHnlVJg==",
"sendEventPostUri": "https://asynchttpfunction.azurewebsites.net/runtime/webhooks/durabletask/instances/66ee5d08196945aeb44c9e62ddc7b190/raiseEvent/{eventName}?taskHub=Orchestration&connection=Storage&code=FSVfJyGODSeKHPO0cM8Po9e1jMT7MghVMGuJqTaGTN56E1RUHnlVJg==",
"terminatePostUri": "https://asynchttpfunction.azurewebsites.net/runtime/webhooks/durabletask/instances/66ee5d08196945aeb44c9e62ddc7b190/terminate?reason={text}&taskHub=Orchestration&connection=Storage&code=FSVfJyGODSeKHPO0cM8Po9e1jMT7MghVMGuJqTaGTN56E1RUHnlVJg==",
"rewindPostUri": "https://asynchttpfunction.azurewebsites.net/runtime/webhooks/durabletask/instances/66ee5d08196945aeb44c9e62ddc7b190/rewind?reason={text}&taskHub=Orchestration&connection=Storage&code=FSVfJyGODSeKHPO0cM8Po9e1jMT7MghVMGuJqTaGTN56E1RUHnlVJg==",
"purgeHistoryDeleteUri": "https://asynchttpfunction.azurewebsites.net/runtime/webhooks/durabletask/instances/66ee5d08196945aeb44c9e62ddc7b190?taskHub=Orchestration&connection=Storage&code=FSVfJyGODSeKHPO0cM8Po9e1jMT7MghVMGuJqTaGTN56E1RUHnlVJg=="
}
The statusQueryGetUri provides information of the long running orchestration instance. If you follow this link you will receive a suitable runtimeStatus that describes the status of the orchestration instance along with some other useful information.here
My question is now:
actually we don't send a POST request to an Event grid Azure function trigger, Is there any way to get the status of the Azure function? Complete or is still running?
The Azure Event Grid is an eventing Pub/Sub model where the interest of source is distributed to the subscribed event handler endpoint or resource in the reliable manner with a retry policy and dead-lettering option. The AEG is waiting for delivery response processing max. 60 seconds.
There is no built-in the features what you are asking in the AEG, however you can use the REST API for metrics of the specific subscription to obtain its counters value:
MatchedEventCount,
DeliveryAttemptFailCount,
DeliverySuccessCount,
DroppedEventCount,
DeadLetteredCount
The following GET is an example for getting a subscription metrics:
https://management.azure.com/subscriptions/mysubId/resourceGroups/mygroup/providers/Microsoft.EventGrid/topics/mytester/providers/Microsoft.EventGrid/eventSubscriptions/mysubscription/providers/Microsoft.Insights/metrics?api-version=2018-01-01&interval=PT5M&metricnames=MatchedEventCount,DeliveryAttemptFailCount,DeliverySuccessCount,DroppedEventCount,DeadLetteredCount
Note, that the authorization header with a bearer token is required for this call.
More details about the monitoring an event message delivery can be found here.

Google Cloud Platform pub/sub - messages aren't being being delivered to subscriber

I am setting up push notifications for gmail based on the guide provided by google (https://developers.google.com/gmail/api/guides/push). I want to have my node app register a client with .watch(), and then receive emails at a specified endpoint, as described in the documentation.
I have created the pub/sub topic, added gmail as a publisher, added a subscriber, and called watch() in my node app. watch() returns the appropriate { historyId: xxxx, expiration: yyyy } object which, according to google's documentation, means the call succeeded.
handler for receiving email notification on backend:
export const receiveGmailEmail: RequestHandler = async (req, res) => {
log('Received update from google!');
log(JSON.stringify(req.body, null, 2));
return res.status(200);
}
Registering:
const watchRes = await gmailClient.watch();
log('====> Watch Response <=====');
log(JSON.stringify(watchRes, null, 2));
Server log that shows it is registering properly:
====> Watch Response <=====
{
"historyId": "6560",
"expiration": "1562025255689"
}
I never receive messages at the receive endpoint on my node app. According to the server logs, I never actually receive any request when a message is published. The problem appears to be that my messages are undelivered. I have confirmed through the Stackdriver monitor that the pub/sub topic is publishing messages when I send an email to the email address, but if I view the details of the subscription in Stackdriver, it shows an increasing number of undelivered messages.
Any thoughts on why messages in a subscription are sitting around undelivered?
It turns out this wasn't a Google pub/sub issue. Amazon Cloudfront blocks POST requests by default, so I had to edit the caching behavior to enable POST requests. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesAllowedHTTPMethods

Azure Servicebus REST API : How to retrieve MessageId

I want to use REST API to send message to a servicebus topic.
Everything's working fine, the message is sent on the topic.
My client received an ACK fron servicebus by receiving an HTTP code 201, a void body, and some headers.
But I didn't received the messageId. I need it to retrieve treatment status in my internal product.
However, as at described into the documentation (https://learn.microsoft.com/en-us/rest/api/servicebus/message-headers-and-properties), the MessageId should be returned.
Is it normal? And how can I retrieve the MessageId?
The only other option is to set the MessageId by the client way, but I don't like this solution because it is not the responsability of the client to do that.

Send Extra payloads params in SNS notification register and get back same params when notification receives

I am implementing AWS SNS with AWS SES.
I am registering notification that calls my http endpoint handler and i am receiving perfect notification object. But along with notification identity i want to send my extra payloads that can be received when registered endpoints called. I am doing it in nodeJS
here is the snippet of registering notification
var params = {
Identity: 'myemail#mydomain.com', /* required */
NotificationType: 'Bounce', //["Delivery","Bounce","Complaint"], /* required */
SnsTopic: 'arn:aws-arnstring'
};
ses.setIdentityNotificationTopic(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
is there anyway to send extra params like Identity and NotificationType ?
thanks in advance
There does not appear to b a mechanism for adding metadata, however... the notification should contain source inside the mail object, which looks like it would be the sending email address.
Arguably, there's no need for additional metadata, because there's also the messageId provided with the notifications. This is the same identifier you got back when you submitted the message.
If you saved the metadata locally (or even in simpledb, dynamodb, rds, or even S3) under that ID when the message was submitted, you'd be able to look it up again. If you don't save something with each message you send, then you don't have a way to "close the loop" and track the fact that you've received a notification of bounce, complaint, or delivery of each message to each recipient from SES.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/notification-contents.html
It isn't currently possible to send extra parameters along with the notification. You should submit this feature request to the Amazon SES team, either via the Amazon SES forums or through AWS Developer Support.

Resources