Cloudflare Workers to AWS Lambda: Serverless Migration

Edge computing to cloud functions migration for UK developers.

1. Executive Summary

This guide outlines the strategic migration of serverless workloads from Cloudflare Workers to AWS Lambda. While both platforms leverage serverless execution, Cloudflare Workers operates on a V8-isolate model at the edge, whereas AWS Lambda operates on a containerized (Firecracker) model within specific AWS Regions (e.g., eu-west-2 for London). This migration requires a shift in architectural mindset regarding cold starts, global distribution, and event-source integration.

2. Why Businesses Migrate (Drivers & Anti-patterns)

  • Drivers: Need for deep integration with AWS-native services (DynamoDB, RDS, SQS), requirement for longer execution timeouts (Lambda supports 15 minutes vs. Workers' limits), and complex private networking (VPC requirements).
  • Anti-patterns: Attempting to replicate Cloudflare's "Global Edge" performance using Lambda alone (requires CloudFront/Lambda@Edge), or migrating high-frequency, sub-millisecond edge tasks that incur higher costs on Lambda compared to Workers.

3. The 6 Rs for Cloudflare to AWS

  • Rehost: Not applicable (Workers code is proprietary; cannot be "lifted and shifted").
  • Replatform: Migrating Workers code to Lambda by wrapping logic in the AWS Node.js/Python runtime.
  • Refactor: Rewriting logic to utilize AWS SDK v3, replacing Cloudflare KV/D1 with DynamoDB or ElastiCache.
  • Retain/Retire/Repurchase: Retaining specific edge-caching logic at Cloudflare while moving compute to Lambda.

4. Pre-Migration Assessment

  • Inventory: Map all wrangler.toml configurations, environment variables, and Workers KV namespaces.
  • Network Mapping: Unlike Workers, Lambda functions running in a private VPC require NAT Gateways to access the public internet. Map egress requirements.
  • IAM: Cloudflare uses API tokens/Global keys; AWS requires granular IAM Roles following the principle of least privilege.
  • Data Transfer: Estimate egress costs from Cloudflare (if applicable) and AWS Inter-Region/Internet egress costs. Use the AWS Pricing Calculator for eu-west-2.

5. Step-by-Step Execution Plan

  1. Pilot: Deploy a single, non-critical Worker to a Lambda function behind an API Gateway.
  2. Foundation: Establish the AWS Landing Zone in eu-west-2. Configure VPC, Subnets, and Security Groups.
  3. Data Migration: Migrate KV/D1 data to DynamoDB. Use AWS Database Migration Service (DMS) or custom scripts for large datasets.
  4. Cutover: Implement a Weighted DNS approach via Route 53. Route 10% of traffic to AWS, monitor CloudWatch metrics, then scale to 100%.

6. Troubleshooting Common Issues

  • Cold Starts: Lambda cold starts are significant compared to Workers. Use Provisioned Concurrency for latency-sensitive applications.
  • Runtime Differences: Workers use the Fetch API natively; Lambda requires the AWS SDK. Ensure your code handles the event object structure differences between Cloudflare and API Gateway/ALB.
  • Timeout Mismatch: Ensure upstream load balancers are configured to handle Lambda’s longer potential execution times.
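
The event-shape difference noted under Runtime Differences, as an added example that is not code from the original guide: a Workers-style fetch handler wrapped for an API Gateway HTTP API (payload v2.0) event on a Node.js 18+ Lambda runtime. The names workerFetch, toRequest and toResult and the sample event are hypothetical and constructed, and the CF-Connecting-IP overwrite assumes the Worker read that header for the client address.

```javascript
// Hypothetical stand-in for the migrated Worker's fetch handler logic.
async function workerFetch(request) {
  const ip = request.headers.get("cf-connecting-ip");
  const body = request.method === "POST" ? await request.text() : "";
  const path = new URL(request.url).pathname;
  return new Response(JSON.stringify({ ip, path, body }), {
    headers: { "content-type": "application/json" },
  });
}

// Build a Fetch API Request from an API Gateway HTTP API (payload v2.0) event.
function toRequest(event) {
  const http = event.requestContext.http;
  const headers = new Headers(event.headers || {});
  // Cloudflare no longer fronts the function, so a client-supplied
  // CF-Connecting-IP is untrusted: overwrite it with the address API Gateway saw.
  headers.set("cf-connecting-ip", http.sourceIp);
  if (event.cookies && event.cookies.length) headers.set("cookie", event.cookies.join("; "));
  const query = event.rawQueryString ? `?${event.rawQueryString}` : "";
  const url = `https://${event.requestContext.domainName}${event.rawPath}${query}`;
  const init = { method: http.method, headers };
  if (event.body != null && !["GET", "HEAD"].includes(http.method)) {
    init.body = event.isBase64Encoded ? Buffer.from(event.body, "base64") : event.body;
  }
  return new Request(url, init);
}

// Convert the Worker's Response into the API Gateway v2.0 result shape.
async function toResult(response) {
  const headers = {};
  response.headers.forEach((value, name) => {
    if (name !== "set-cookie") headers[name] = value;
  });
  const h = response.headers; // getSetCookie() needs Node.js 18.14.1 or later
  const cookies = typeof h.getSetCookie === "function" ? h.getSetCookie() : [];
  const body = Buffer.from(await response.arrayBuffer()).toString("base64");
  return { statusCode: response.status, headers, cookies, body, isBase64Encoded: true };
}

// Lambda entry point; export it as "handler" in whichever module style the function uses.
const handler = async (event) => toResult(await workerFetch(toRequest(event)));

// Constructed sample event: the client tries to spoof CF-Connecting-IP.
const sampleEvent = {
  rawPath: "/orders", rawQueryString: "id=42", cookies: ["session=abc"],
  headers: { "content-type": "application/json", "cf-connecting-ip": "198.51.100.99" },
  requestContext: { domainName: "api.example.test", http: { method: "POST", sourceIp: "203.0.113.7" } },
  body: Buffer.from('{"item":"tea"}').toString("base64"), isBase64Encoded: true,
};
```

Any Worker logic that used CF-Connecting-IP for rate limiting, allow-listing or audit logs otherwise sees whatever value the caller sends once Cloudflare is out of the request path.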

7. UK-Specific Compliance (GDPR & Residency)

  • Data Residency: By deploying to eu-west-2 (London), you ensure data remains within the UK, satisfying strict public sector or financial services requirements.
  • GDPR: Ensure AWS CloudTrail and Config are enabled for audit logging. Use AWS Key Management Service (KMS) for encryption at rest within the UK region.

8. Cost Modeling

  • Compute: Workers bill by CPU time/requests; Lambda bills by execution duration and memory allocation.
  • Hidden Costs: Factor in API Gateway costs (per million requests) and NAT Gateway hourly charges + data processing fees.
  • Optimization: Use Graviton2 (ARM64) processors on Lambda to reduce costs by ~20% compared to x86.

9. Conclusion

Migrating from Cloudflare Workers to AWS Lambda is a transition from an "edge-first" architecture to a "regional-first" architecture. While you gain immense power through the AWS ecosystem, you must account for VPC networking, VPC endpoints, and the shift in cost models. For UK-based businesses, the London region provides the necessary sovereignty to meet regulatory requirements while leveraging AWS’s mature serverless ecosystem.