Edge Auth Without Lambda@Edge
A multi-agent operations platform that audits, hardens, prioritizes, and tracks work across the rest of the portfolio. Back Office is built around transparent automation, operator control, and privacy-first hardening instead of surveillance-heavy workflow tooling.
Common questions
What was Lambda@Edge doing in the old stack?
It handled authentication and authorization at the CDN edge before requests reached the origin. That included token validation, redirect logic for unauthenticated users, and header manipulation for downstream services.
Why was Lambda@Edge painful to operate?
Because it was a separate compute layer with its own deployment lifecycle, its own logging region, its own size and timeout constraints, and no straightforward local testing story. Debugging auth failures meant searching CloudWatch logs across multiple regions.
How does Bunny handle edge auth now?
A combination of Bunny's edge rules for simple redirect and header logic, and the Magic Container itself for token validation and session management. Auth is part of the application instead of a separate edge compute layer.
Is the auth less secure without a dedicated edge layer?
No. The auth logic is the same. It just runs inside the container instead of in a separate Lambda function at the CDN edge. The security posture improved because there are fewer moving parts and the auth code is testable alongside the application.