Serverless & Edge Computing

Edge Computing Deployment

Edge computing moves your logic from centralized data centers to locations physically close to your users. This means sub-20ms response times globally for tasks like authentication, personalization, A/B testing, and content transformation. We deploy edge compute workloads on CloudFront Functions for lightweight transformations, Cloudflare Workers for full application logic, Fastly Compute for Wasm-based edge processing, and AWS IoT Greengrass for device-level edge compute.

Need this done for your project?

We implement, you ship. Async, documented, done in days.

Start a Brief

CloudFront Functions for Lightweight Edge Logic

CloudFront Functions execute in under 1ms at every CloudFront edge location. They are ideal for URL rewrites, header manipulation, and simple routing decisions.

resource "aws_cloudfront_function" "url_rewrite" {
  name    = "url-rewrite-${var.env}"
  runtime = "cloudfront-js-2.0"
  publish = true
  code    = <<-JS
    function handler(event) {
      var request = event.request;
      var uri = request.uri;
      
      // SPA routing — serve index.html for non-file paths
      if (!uri.includes('.')) {
        request.uri = '/index.html';
      }
      
      // Add security headers
      request.headers['x-frame-options'] = { value: 'DENY' };
      request.headers['x-content-type-options'] = { value: 'nosniff' };
      request.headers['x-xss-protection'] = { value: '1; mode=block' };
      
      // Geo-based routing
      var country = request.headers['cloudfront-viewer-country']
        ? request.headers['cloudfront-viewer-country'].value
        : 'US';
      
      if (['CN', 'RU', 'KP'].includes(country)) {
        return {
          statusCode: 403,
          statusDescription: 'Forbidden',
          body: { encoding: 'text', data: 'Access denied' },
        };
      }
      
      return request;
    }
  JS
}

resource "aws_cloudfront_distribution" "main" {
  default_cache_behavior {
    function_association {
      event_type   = "viewer-request"
      function_arn = aws_cloudfront_function.url_rewrite.arn
    }
  }
}

CloudFront Functions cost 1/6th of Lambda@Edge and have no cold starts. The tradeoff is a limited runtime: no network access, 2 MB code limit, and 10 KB response body limit. We use them for URL rewriting, security headers, and geo-blocking — leaving heavier logic to Lambda@Edge or origin servers.

Fastly Compute for Wasm Edge Processing

Fastly Compute runs WebAssembly at the edge, supporting Rust, Go, and JavaScript compiled to Wasm. It is ideal for CPU-intensive edge processing like image transformation or data validation.

// fastly.toml
manifest_version = 3
name = "edge-processor"
language = "javascript"

[local_server]
  [local_server.backends]
    [local_server.backends.origin]
      url = "https://origin.yourdomain.com"

// src/index.js — Fastly Compute handler
import { env } from 'fastly:env';
import { CacheOverride } from 'fastly:cache-override';

async function handleRequest(event) {
  const req = event.request;
  const url = new URL(req.url);
  
  // Image optimization at the edge
  if (url.pathname.startsWith('/images/')) {
    const width = url.searchParams.get('w') || '800';
    const format = req.headers.get('accept')?.includes('webp') ? 'webp' : 'jpeg';
    
    const originUrl = new URL(url.pathname, 'https://origin.yourdomain.com');
    originUrl.searchParams.set('width', width);
    originUrl.searchParams.set('format', format);
    
    const cache = new CacheOverride('override', { ttl: 86400 });
    const response = await fetch(originUrl, { backend: 'origin', cacheOverride: cache });
    
    response.headers.set('Cache-Control', 'public, max-age=86400');
    response.headers.set('Vary', 'Accept');
    return response;
  }
  
  // Default: pass through to origin
  return fetch(req, { backend: 'origin' });
}

addEventListener('fetch', (event) => event.respondWith(handleRequest(event)));

Fastly Compute processes requests in under 100 microseconds for Wasm workloads. We compile Rust or Go code to Wasm for performance-critical edge logic like JWT validation, request signing, or data transformation. The Fastly CLI enables local development with a full edge runtime simulator.

Multi-CDN Edge Strategy

For maximum reliability and performance, we implement multi-CDN edge deployments with DNS-based routing.

# Multi-CDN architecture
# Primary: CloudFront (AWS-native integration)
# Secondary: Cloudflare (DDoS protection, Workers)
# Failover: Route 53 health checks + failover routing

resource "aws_route53_health_check" "cloudfront" {
  fqdn              = "d123456.cloudfront.net"
  port              = 443
  type              = "HTTPS"
  resource_path     = "/health"
  failure_threshold = 3
  request_interval  = 10
}

resource "aws_route53_record" "primary" {
  zone_id = data.aws_route53_zone.main.zone_id
  name    = "cdn.yourdomain.com"
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.main.domain_name
    zone_id                = aws_cloudfront_distribution.main.hosted_zone_id
    evaluate_target_health = true
  }

  set_identifier = "primary"
  failover_routing_policy {
    type = "PRIMARY"
  }
  health_check_id = aws_route53_health_check.cloudfront.id
}

resource "aws_route53_record" "secondary" {
  zone_id = data.aws_route53_zone.main.zone_id
  name    = "cdn.yourdomain.com"
  type    = "CNAME"
  ttl     = 60
  records = ["yourdomain.com.cdn.cloudflare.net"]

  set_identifier = "secondary"
  failover_routing_policy {
    type = "SECONDARY"
  }
}

DNS failover automatically routes traffic from CloudFront to Cloudflare if the primary CDN fails health checks. We deploy identical edge logic to both CDN platforms using a shared build that compiles to both CloudFront Functions and Cloudflare Workers formats.

Edge Caching & Invalidation

We configure intelligent caching strategies at the edge to maximize cache hit rates while ensuring content freshness.

resource "aws_cloudfront_cache_policy" "api" {
  name        = "api-cache-${var.env}"
  min_ttl     = 0
  default_ttl = 60
  max_ttl     = 3600

  parameters_in_cache_key_and_forwarded_to_origin {
    cookies_config {
      cookie_behavior = "none"  # Don't vary cache by cookies
    }
    headers_config {
      header_behavior = "whitelist"
      headers {
        items = ["Accept", "Authorization"]
      }
    }
    query_strings_config {
      query_string_behavior = "whitelist"
      query_strings {
        items = ["page", "limit", "sort"]
      }
    }
    enable_accept_encoding_brotli = true
    enable_accept_encoding_gzip   = true
  }
}

# Targeted cache invalidation on data changes
# DynamoDB Stream → Lambda → CloudFront invalidation
export const invalidateCache = async (event: DynamoDBStreamEvent) => {
  const paths: string[] = [];
  
  for (const record of event.Records) {
    const item = unmarshall(record.dynamodb!.NewImage! as any);
    if (item.type === 'product') {
      paths.push(`/api/products/${item.id}`);
      paths.push('/api/products');  // List endpoint
    }
  }
  
  if (paths.length > 0) {
    await cloudfront.send(new CreateInvalidationCommand({
      DistributionId: process.env.DISTRIBUTION_ID,
      InvalidationBatch: {
        CallerReference: Date.now().toString(),
        Paths: { Quantity: paths.length, Items: paths },
      },
    }));
  }
};

Cache policies whitelist only the headers and query strings that affect response content, maximizing cache hit rates. When data changes in DynamoDB, a Stream-triggered Lambda creates targeted CloudFront invalidations for only the affected paths — not a wildcard /* that flushes the entire cache. This strategy achieves 85–95% cache hit rates for read-heavy APIs.

Why Anubiz Engineering

100% async — no calls, no meetings
Delivered in days, not weeks
Full documentation included
Production-grade from day one
Security-first approach
Post-delivery support included

Ready to get started?

Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.

Start a BriefDevOps Implementation Service