Edge¶
Edge nodes serve the CookieHub consent widget and related assets to end users. The edge layer is a hybrid of two systems that coexist today.
Architecture¶
Scaleway PHP Servers¶
Virtual servers hosted on Scaleway running raw PHP. These handle the original widget serving logic and are the primary edge layer today.
Being phased out
All bare metal infrastructure (including LUKS/RAID1/Tang encrypted servers referenced in older docs) is being phased out. The Scaleway PHP servers are the remaining non-AWS edge component.
CloudFront + Lambda@Edge¶
AWS-managed CDN with Lambda@Edge functions for:
- Region detection — determines user's region for consent law applicability
- Consent logging — logs consent events at the edge before forwarding to the analytics pipeline
flowchart LR
User[End user] --> CF[CloudFront]
CF --> Lambda[Lambda@Edge]
Lambda -->|region| User
Lambda -->|consent log| SQS[SQS Queue]
SQS --> Vault[Vault pipeline]Infrastructure (Stage)¶
Managed via Terraform in modules/edge/cdn/:
| Component | Details |
|---|---|
| CloudFront distribution | CDN for widget assets |
| Lambda@Edge: region | Returns user's geographic region |
| Lambda@Edge: consent log | Processes consent events |
| SQS queue | Consent event buffer before vault ingestion |
| S3 buckets | Static asset storage |
Dependencies¶
- Vault pipeline — receives consent events via SQS
- S3 — widget assets and static files