Resource: awsCloudfrontResponseHeadersPolicy
Provides a CloudFront response headers policy resource. A response headers policy contains information about a set of HTTP response headers and their values. After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it’s attached to a cache behavior, CloudFront adds the headers in the policy to every response that it sends for requests that match the cache behavior.
Example Usage
The example below creates a CloudFront response headers policy.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontResponseHeadersPolicy.CloudfrontResponseHeadersPolicy(
  this,
  "example",
  {
    comment: "test comment",
    corsConfig: {
      accessControlAllowCredentials: true,
      accessControlAllowHeaders: {
        items: ["test"],
      },
      accessControlAllowMethods: {
        items: ["GET"],
      },
      accessControlAllowOrigins: {
        items: ["test.example.comtest"],
      },
      originOverride: true,
    },
    name: "example-policy",
  }
);
The example below creates a CloudFront response headers policy with a custom headers config.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontResponseHeadersPolicy.CloudfrontResponseHeadersPolicy(
  this,
  "example",
  {
    customHeadersConfig: {
      items: [
        {
          header: "X-Permitted-Cross-Domain-Policies",
          override: true,
          value: "none",
        },
        {
          header: "X-Test",
          override: true,
          value: "none",
        },
      ],
    },
    name: "example-headers-policy",
  }
);
The example below creates a CloudFront response headers policy with a custom headers config and server timing headers config.
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontResponseHeadersPolicy.CloudfrontResponseHeadersPolicy(
  this,
  "example",
  {
    customHeadersConfig: {
      items: [
        {
          header: "X-Permitted-Cross-Domain-Policies",
          override: true,
          value: "none",
        },
      ],
    },
    name: "example-headers-policy",
    serverTimingHeadersConfig: {
      enabled: true,
      samplingRate: 50,
    },
  }
);
Argument Reference
The following arguments are supported:
name - (Required) A unique name to identify the response headers policy.
comment - (Optional) A comment to describe the response headers policy. The comment cannot be longer than 128 characters.
corsConfig - (Optional) A configuration for a set of HTTP response headers that are used for Cross-Origin Resource Sharing (CORS). See Cors Config for more information.
customHeadersConfig - (Optional) Object that contains an attribute items that contains a list of custom headers. See Custom Header for more information.
securityHeadersConfig - (Optional) A configuration for a set of security-related HTTP response headers. See Security Headers Config for more information.
serverTimingHeadersConfig - (Optional) A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. See Server Timing Headers Config for more information.
Cors Config
accessControlAllowCredentials - (Required) A Boolean value that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
accessControlAllowHeaders - (Required) Object that contains an attribute items that contains a list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
accessControlAllowMethods - (Required) Object that contains an attribute items that contains a list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. Valid values: GET | POST | OPTIONS | PUT | DELETE | HEAD | ALL
accessControlAllowOrigins - (Required) Object that contains an attribute items that contains a list of origins that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
accessControlExposeHeaders - (Optional) Object that contains an attribute items that contains a list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
accessControlMaxAgeSec - (Optional) A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
originOverride - (Required) A Boolean value that determines how CloudFront behaves for the HTTP response header.
Custom Header
header - (Required) The HTTP response header name.
override - (Required) Whether CloudFront overrides a response header with the same name received from the origin with the header specified here.
value - (Required) The value for the HTTP response header.
Security Headers Config
contentSecurityPolicy - (Optional) The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. See Content Security Policy for more information.
contentTypeOptions - (Optional) Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. See Content Type Options for more information.
frameOptions - (Optional) Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. See Frame Options for more information.
referrerPolicy - (Optional) Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. See Referrer Policy for more information.
strictTransportSecurity - (Optional) Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. See Strict Transport Security for more information.
xssProtection - (Optional) Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. See XSS Protection for more information.
Content Security Policy
contentSecurityPolicy - (Required) The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
override - (Required) Whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.
Content Type Options
override - (Required) Whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.
Frame Options
frameOption - (Required) The value of the X-Frame-Options HTTP response header. Valid values: DENY | SAMEORIGIN
override - (Required) Whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.
Referrer Policy
referrerPolicy - (Required) The value of the Referrer-Policy HTTP response header. Valid values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url
override - (Required) Whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.
Strict Transport Security
accessControlMaxAgeSec - (Required) A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
includeSubdomains - (Optional) Whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
override - (Required) Whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.
preload - (Optional) Whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
XSS Protection
modeBlock - (Required) Whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
override - (Required) Whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
protection - (Required) A Boolean value that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.
reportUri - (Optional) A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a reportUri when modeBlock is true.
Server Timing Headers Config
enabled - (Required) Whether CloudFront adds the Server-Timing header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
samplingRate - (Required) A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to. Valid range: Minimum value of 0.0. Maximum value of 100.0.
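The page has no securityHeadersConfig example, so the block below is an added one (not the provider's own code): it shows the header values a securityHeadersConfig produces and checks the constraints stated above (128-character comment, no reportUri with modeBlock, samplingRate 0–100). The helper names renderSecurityHeaders and lintPolicy and all sample values are assumptions; the exact header formatting is inferred from the argument descriptions.

```typescript
// Added example; types mirror this page's argument names, helper names are hypothetical.
interface SecurityHeadersConfig {
  contentTypeOptions?: { override: boolean };
  frameOptions?: { frameOption: "DENY" | "SAMEORIGIN"; override: boolean };
  strictTransportSecurity?: { accessControlMaxAgeSec: number; override: boolean;
    includeSubdomains?: boolean; preload?: boolean };
  xssProtection?: { protection: boolean; modeBlock: boolean; override: boolean;
    reportUri?: string };
}
interface PolicyProps {
  name: string; comment?: string;
  securityHeadersConfig?: SecurityHeadersConfig;
  serverTimingHeadersConfig?: { enabled: boolean; samplingRate: number };
}

// Header values implied by the argument descriptions (exact formatting assumed).
function renderSecurityHeaders(c: SecurityHeadersConfig): Record<string, string> {
  const h: Record<string, string> = {};
  if (c.contentTypeOptions) h["X-Content-Type-Options"] = "nosniff";
  if (c.frameOptions) h["X-Frame-Options"] = c.frameOptions.frameOption;
  const sts = c.strictTransportSecurity;
  if (sts) h["Strict-Transport-Security"] = `max-age=${sts.accessControlMaxAgeSec}` +
    (sts.includeSubdomains ? "; includeSubDomains" : "") + (sts.preload ? "; preload" : "");
  const x = c.xssProtection;
  if (x) h["X-XSS-Protection"] = (x.protection ? "1" : "0") +
    (x.modeBlock ? "; mode=block" : "") + (x.reportUri ? `; report=${x.reportUri}` : "");
  return h;
}

// Constraints stated on this page, checked before the policy is synthesized.
function lintPolicy(p: PolicyProps): string[] {
  const errs: string[] = [];
  if ((p.comment ?? "").length > 128) errs.push("comment exceeds 128 characters");
  const x = p.securityHeadersConfig?.xssProtection;
  if (x?.modeBlock && x.reportUri) errs.push("reportUri set while modeBlock is true");
  const r = p.serverTimingHeadersConfig?.samplingRate;
  if (r !== undefined && (r < 0 || r > 100)) errs.push("samplingRate outside 0-100");
  return errs;
}

// Constructed sample values, not taken from the page.
const examplePolicy: PolicyProps = {
  name: "example-security-headers-policy",
  securityHeadersConfig: {
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: "DENY", override: true },
    strictTransportSecurity: { accessControlMaxAgeSec: 31536000, includeSubdomains: true, override: true },
    xssProtection: { protection: true, modeBlock: true, override: true },
  },
  serverTimingHeadersConfig: { enabled: true, samplingRate: 50 },
};
```

An object shaped like examplePolicy can be passed as the third constructor argument in the examples above once lintPolicy returns an empty list.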
Attributes Reference
In addition to all arguments above, the following attributes are exported:
etag - The current version of the response headers policy.
id - The identifier for the response headers policy.
Import
CloudFront Response Headers Policies can be imported using the id, e.g.