One of our experience in Edge computing is 'Offloading Authentication to Edge'

Photo by panumas nikhomkhai from Pexels

This example is for AWS users who use Cloudfront (CF) for content delivery and wish to have authentication to restrict data to only authorized users.

Our app infrastructure uses the JWT token to authorize our users. Most of our content was open, but there are few APIs or content where we liked to put a gate for only authorized users.

The first idea, write a lambda function and attach it to the Application Load Balancer (ALB) and execute it on the rule. But, most of the content which we like to serve is not user-specific. It is a content that is gated for our premium customers.

This is when I tried offloading our authentication to [email protected] Wrote a function to validate the token and attached to the Viewer Request on CF behavior. That did the magic.

The user's requests which were not authorized were dropped at the Edge. In case the APIs are user-specific, the user's info can be added in the headers before passing it on to the ALBs.

There are few limitations currently. The size of the edge function is limited and they cannot make any network calls. This means all the code must run within your function. Also, there is a limit on the number of concurrent executions, etc.

But, I see the future very much here. All the computations, processing, data generation at the edge and making the user experience even better.

'Future is Edge Computing?'