Asset Host & Precompiling

For those that are used to precompiling assets on their production servers, Lambda may introduce a new way of thinking. Instead, assets are precompiled during the SAM build phase. We recommend using an :assets group in your Gemfile and changing your application.rb to load this group for development and test environments. ⚠️ Assets require a custom domain name to link properly.

group :assets do
  gem 'sass-rails'
  gem 'uglifier', require: false
Bundler.require(*Rails.groups.tap { |groups|
  if Rails.env.development? || Rails.env.test?
    groups << 'assets'

Our Cookiecutter & Serving Static Assets

Our Quick Start cookiecutter project uses the above technique and keeps things simple by leveraging Rails built in ability to serve static assets. We do this by setting this environment variable in app.rb.


We also add this configuration to your config/environments/production.rb file. In this case we are setting the cache control to 30 days, which you can change. The X-Lamby-Base64 header signals to the Lamby rack adapter that the content requires base64 binary encoding.

config.public_file_server.headers = {
  'Cache-Control' => "public, max-age=#{30.days.seconds.to_i}",
  'X-Lamby-Base64' => '1'

Using S3 & CloudFront As An Asset Host

Your application's assets may be impractical to package and serve from Lambda. Or maybe you want a real CDN like CloudFront to globally serve your assets. For whatever reason, using CloundFront with an S3 bucket as the origin is pretty easy to setup.

Configure Your Rails Asset Host

In your production.rb, or any other environment file that uses an asset host, configure Rails with the domain you intent to use. We also recommend that your asset manifest be removed from the public dir and placed in your application config instead. This way, it can be packed and deployed along side your application. Open up your config/initializers/assets.rb file and set the manifest.

config.action_controller.asset_host = ''
Rails.application.config.assets.manifest = Rails.root.join('config/manifest.json')

Sync Assets to S3 During Builds

In order to get the compiled assets to our S3 bucket, we need to hook into the bin/_build script. Add this line after the assets:precompile line. It uses the AWS CLI s3 sync command to copy new assets to your S3 bucket. It also sets a cache control header for a proper origin response.

aws s3 sync ./public/assets "s3://" \
  --cache-control "public, max-age=31536000"

Create a CloudFront Distro Backed by S3 with CloudFormation

To create our CloudFront distribution and S3 bucket, we are going to use CloudFormation to express our Infrastructure as Code (IaC). The work here was inspired DJ Walker's Automate Your Static Hosting Environment With AWS CloudFormation tutorial but re-written from the ground up to be more inline with Rails static asset host best practices. Simply log into the AWS Console, and go to CloudFormation -> Create stack -> Template is ready -> Upload a template file.

Prior to executing this template, please use AWS Certificate Manager to create an SSL cert for you domain name and change the AcmCertificateArn to the ARN of your certificate. Also make sure to change to your domain name.

AWSTemplateFormatVersion: '2010-09-09'
Description: MyApp Asset Host

    Type: AWS::S3::Bucket
    Type: AWS::S3::BucketPolicy
      Bucket: !Ref AssetHostBucket
          - Action: 's3:GetObject'
            Effect: Allow
            Resource: !Sub 'arn:aws:s3:::${AssetHostBucket}/*'
              CanonicalUser: !GetAtt AssetHostDistributionIdentity.S3CanonicalUserId
      Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
          Comment: !Ref AssetHostBucket
    Type: AWS::CloudFront::Distribution
          AllowedMethods: [ HEAD, GET ]
          CachedMethods: [ HEAD, GET ]
          Compress: true
          DefaultTTL: 31536000
          MinTTL: 31536000
              Forward: none
            QueryString: false
          TargetOriginId: S3Origin
          ViewerProtocolPolicy: redirect-to-https
        Enabled: true
        HttpVersion: http2
          - DomainName: !GetAtt 'AssetHostBucket.DomainName'
            Id: S3Origin
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${AssetHostDistributionIdentity}'
          AcmCertificateArn: YOUR_CERT_ARN_HERE
          SslSupportMethod: sni-only