AWS CloudFront

Deploy Centinel Analytica protection on an existing CloudFront distribution via the AWS Console.

Overview

This quickstart outlines the minimal console workflow for installing the Centinel Lambda@Edge function. Allow 15-20 minutes after the association step for CloudFront to propagate the new protection globally.

Prerequisites

Centinel secret key
CloudFront distribution you can edit
AWS Console access with permissions for Lambda and CloudFront

Step 1 · Prepare the Package

Download centinel-cloudfront.js from the latest release of this repository.
Open the file and replace the empty CENTINEL_SECRET_KEY value with your key.
Zip the modified centinel-cloudfront.js file to create a deployment archive.

Step 2 · Create the Lambda Function

Switch the AWS Console region to N. Virginia (us-east-1).
Go to Lambda → Create function → Author from scratch.
Name the function (for example centinel-cloudfront), choose Node.js 20.x, and create it.
In the Code tab select Upload from → .zip file, then upload your updated archive.
Under Configuration → General configuration, set Timeout to 5 seconds and Memory to 128 MB.
Choose Actions → Publish new version and note the versioned ARN displayed.

Step 3 · Associate with CloudFront

Open CloudFront → Distributions, select the distribution to protect, and edit the cache behavior you want covered.
In Function associations, click Add function, choose Lambda@Edge, paste the versioned ARN, and set the event type to Viewer request.
Save the behavior to start global deployment of the Lambda version.

Step 4 · Verify Deployment

Monitor the distribution status until it reads Deployed (approximately 15-20 minutes).
Browse the distribution domain to confirm normal traffic flow.
Review CloudWatch logs for entries prefixed with [Centinel] if troubleshooting is required.

Changelog

1.1 - Improved performance.
1.0 - Initial release.