-
Notifications
You must be signed in to change notification settings - Fork 151
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] add security headers on cloudfront response? #262
Comments
If the content of the header is static I probably would recommend using CloudFront response headers policies for it. Another way would be to add a CloudFront function that adds the headers to the response. This is not supported by the internal CloudFront distribution, so before applying one of these, the CloudFront distribution should be outsourced following the with existing CloudFront distribution example. |
Thanks for replying! I also would like to get some thoughts on the migration plan. |
Yeah, that would be the default behavior and would result in probably ~30min downtime, since the Lambda@Edge needs to be detached and reattached to the new CloudFront (Detaching can take up to 30min). Fortunately the latest Terraform 1.1 release introduced a new way to migrate and refactor resources between modules. |
I tried to use # ... tf_next_new module but with new configs below
cloudfront_create_distribution = false
cloudfront_external_id = aws_cloudfront_distribution.distribution.id
cloudfront_external_arn = aws_cloudfront_distribution.distribution.arn
# Below is resource cloudfront distribution
moved {
from = module.tf_next
to = module.tf_next_new
} Might be because I couldn't move a resource from the remote module or am I missing anything? And I am also a little concerned about outsourced CloudFront will get more discrepancy over time when this project adds features and configs. Would it be ok if I open a PR adding variable |
Unfortunately I never worked with the
Yes, would accept an PR on this, since we don't use this policy and it could provide a good workaround until I find out how to handle #9. 👍 |
Hi, I have been using this module to deploy my project to production for some time and we have a requirement to add security headers to every page response. Currently what I'm doing is adding the header through
getServerSideProps
, which have a page loading speed overhead. I am aware there is a ticket in the backlog about adding support for it. But do you know if there is any way I can add it from the infrastructure side, do you recommend if I provide my own CloudFront module through CloudFront function or edge function?Thank you very much!
The text was updated successfully, but these errors were encountered: