Data source: awsCloudfrontResponseHeadersPolicy

Use this data source to retrieve information about a CloudFront response headers policy.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dataAwsCloudfrontResponseHeadersPolicy.DataAwsCloudfrontResponseHeadersPolicy(
  this,
  "example",
  {
    name: "example-policy",
  }
);

AWS-Managed Policies

AWS-managed response headers policy names are prefixed with Managed-:

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dataAwsCloudfrontResponseHeadersPolicy.DataAwsCloudfrontResponseHeadersPolicy(
  this,
  "example",
  {
    name: "Managed-SimpleCORS",
  }
);

Argument Reference

The following arguments are supported:

  • name - (Optional) Unique name to identify the response headers policy.
  • id - (Optional) Identifier for the response headers policy.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • comment - Comment to describe the response headers policy. The comment cannot be longer than 128 characters.
  • etag - Current version of the response headers policy.
  • corsConfig - Configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.
  • customHeadersConfig - Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.
  • securityHeadersConfig - A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.
  • serverTimingHeadersConfig - (Optional) Configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. See Server Timing Headers Config for more information.

Cors Config

  • accessControlAllowCredentials - A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
  • accessControlAllowHeaders - Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
  • accessControlAllowMethods - Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL
  • accessControlAllowOrigins - Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
  • accessControlExposeHeaders - Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
  • accessControlMaxAgeSec - A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.

Custom Header

  • header - HTTP response header name.
  • override - Whether CloudFront overrides a response header with the same name received from the origin with the header specified here.
  • value - Value for the HTTP response header.

Security Headers Config

  • contentSecurityPolicy - The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. See Content Security Policy for more information.
  • contentTypeOptions - A setting that determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.
  • frameOptions - Setting that determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.
  • referrerPolicy - Setting that determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. See Referrer Policy for more information.
  • strictTransportSecurity - Settings that determine whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.
  • xssProtection - Settings that determine whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.

Content Security Policy

  • contentSecurityPolicy - The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
  • override - Whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.

Content Type Options

  • override - Whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.

Frame Options

  • frameOption - Value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN
  • override - Whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.

Referrer Policy

  • referrerPolicy - Value of the Referrer-Policy HTTP response header. Valid values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url
  • override - Whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.

Strict Transport Security

  • accessControlMaxAgeSec - A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
  • includeSubdomains - Whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
  • override - Whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.
  • preload - Whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.

XSS Protection

  • modeBlock - Whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
  • override - Whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
  • protection - Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.
  • reportUri - Whether CloudFront sets a reporting URI in the X-XSS-Protection header.
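
The attributes under Security Headers Config can be checked against a baseline once their values are resolved. This is an added example, not part of the provider documentation: the function names, the one-year max-age threshold, and the plain-object input shape are assumptions.

```typescript
// Added example: plain-object shapes use the attribute names documented above,
// reduced to the fields the audit reads; nested blocks are modelled as single
// optional objects (assumption about how the resolved values are loaded).
type Override = { override: boolean };
type Hsts = Override & {
  accessControlMaxAgeSec: number;
  includeSubdomains: boolean;
  preload: boolean;
};
interface SecurityHeadersConfig {
  contentSecurityPolicy?: Override & { contentSecurityPolicy: string };
  contentTypeOptions?: Override;
  frameOptions?: Override;
  referrerPolicy?: Override;
  strictTransportSecurity?: Hsts;
}

const MIN_HSTS_MAX_AGE_SEC = 31536000; // assumed baseline of one year

// Strict-Transport-Security value implied by the three HSTS attributes.
function hstsHeaderValue(h: Hsts): string {
  const parts = [`max-age=${h.accessControlMaxAgeSec}`];
  if (h.includeSubdomains) parts.push("includeSubDomains");
  if (h.preload) parts.push("preload");
  return parts.join("; ");
}

function auditSecurityHeaders(cfg: SecurityHeadersConfig): string[] {
  const findings: string[] = [];
  const blocks: [string, Override | undefined][] = [
    ["contentSecurityPolicy", cfg.contentSecurityPolicy],
    ["contentTypeOptions", cfg.contentTypeOptions],
    ["frameOptions", cfg.frameOptions],
    ["referrerPolicy", cfg.referrerPolicy],
    ["strictTransportSecurity", cfg.strictTransportSecurity],
  ];
  for (const [name, block] of blocks) {
    if (!block) findings.push(`${name}: not configured`);
    else if (!block.override) findings.push(`${name}: override=false, an origin-supplied header is kept`);
  }
  const hsts = cfg.strictTransportSecurity;
  if (hsts && hsts.accessControlMaxAgeSec < MIN_HSTS_MAX_AGE_SEC)
    findings.push(`strictTransportSecurity: weak header "${hstsHeaderValue(hsts)}"`);
  if (hsts && hsts.preload && !hsts.includeSubdomains)
    findings.push("strictTransportSecurity: preload without includeSubdomains");
  return findings;
}
```

Each finding names the attribute block it refers to, so the result can gate a deployment pipeline or feed a review report.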

Server Timing Headers Config

  • enabled - Whether CloudFront adds the Server-Timing header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
  • samplingRate - Number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to.