How to enable managed response header policy of SecurityHeaders with CloudFrontWebDistribution in AWS CDK?
I have a CloudFrontWebDistribution in my AWS CDK infrastructure code in TypeScript:
const cloudFrontDistribution = new cloudfront.CloudFrontWebDistribution(this, 'distribution', {
  originConfigs: [
    {
      s3OriginSource: {
        s3BucketSource: webBucket,
        originAccessIdentity: originAccessIdentity,
      },
      behaviors: [
        {
          isDefaultBehavior: true,
          defaultTtl: Duration.seconds(1),
          lambdaFunctionAssociations: [
            {
              eventType: LambdaEdgeEventType.VIEWER_REQUEST,
              lambdaFunction: midwayEdgeFunction.currentVersion,
            },
          ]
        },
      ]
    }
  ],
  defaultRootObject: 'index.html',
  viewerCertificate: cloudfront.ViewerCertificate.fromAcmCertificate(props.certificate, {
    aliases: [props.stageProps.cloud_front_domain_name],
    sslMethod: cloudfront.SSLMethod.SNI,
    securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2019
  }),
  viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.HTTPS_ONLY,
  loggingConfig: {
    bucket: logBucket,
    includeCookies: true,
    prefix: 'cflogs/'
  }
});
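I want to enable the security headers managed policy for this distribution (see here). However, I only see the AWS CDK documentation doing this for the Distribution object, not for the CloudFrontWebDistribution object.
How do I enable the managed response headers policy for security headers on a CloudFrontWebDistribution object in AWS CDK?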
Get an escape hatch reference to the underlying L1 CfnDistribution construct. Then, manually set the ResponseHeadersPolicyId property on the DefaultCacheBehavior using the ResponseHeadersPolicy.SECURITY_HEADERS static method:
const cfnDistribution = cloudFrontDistribution.node.defaultChild as cloudfront.CfnDistribution;
cfnDistribution.addPropertyOverride(
  'DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId',
  cloudfront.ResponseHeadersPolicy.SECURITY_HEADERS.responseHeadersPolicyId
);
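
The override above sets the policy on DefaultCacheBehavior only; any entry under CacheBehaviors needs its own ResponseHeadersPolicyId. The following check over a synthesized template is an added example, not part of the original answer. It assumes the policy ID appears in the template as a literal string; the function name, the logical ID and the policy ID value are hypothetical placeholders.

```typescript
// Added example: audit a synthesized CloudFormation template (parsed JSON from cdk.out)
// and report every CloudFront cache behavior that lacks the expected policy.
type Json = { [key: string]: any };

interface Finding {
  distribution: string; // logical ID of the AWS::CloudFront::Distribution resource
  behavior: string;     // "DefaultCacheBehavior" or "CacheBehaviors[n] (<PathPattern>)"
}

// Hypothetical helper: returns behaviors whose ResponseHeadersPolicyId is not the expected one.
function findBehaviorsMissingPolicy(template: Json, expectedPolicyId: string): Finding[] {
  const findings: Finding[] = [];
  const resources: Json = template.Resources ?? {};
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (resource?.Type !== 'AWS::CloudFront::Distribution') continue;
    const config: Json = resource.Properties?.DistributionConfig ?? {};
    const behaviors: Array<[string, Json | undefined]> = [
      ['DefaultCacheBehavior', config.DefaultCacheBehavior],
    ];
    (config.CacheBehaviors ?? []).forEach((b: Json, i: number) =>
      behaviors.push([`CacheBehaviors[${i}] (${b.PathPattern})`, b]));
    for (const [name, behavior] of behaviors) {
      if (behavior?.ResponseHeadersPolicyId !== expectedPolicyId) {
        findings.push({ distribution: logicalId, behavior: name });
      }
    }
  }
  return findings;
}

// Constructed sample: the default behavior carries the override, but a second
// behavior ("/assets/*") was added later without a policy.
const POLICY_ID = 'EXAMPLE-SECURITY-HEADERS-POLICY-ID'; // placeholder, not a real ID
const sampleTemplate: Json = {
  Resources: {
    WebDistribution: { // constructed logical ID
      Type: 'AWS::CloudFront::Distribution',
      Properties: { DistributionConfig: {
        DefaultCacheBehavior: { ViewerProtocolPolicy: 'https-only', ResponseHeadersPolicyId: POLICY_ID },
        CacheBehaviors: [{ PathPattern: '/assets/*', ViewerProtocolPolicy: 'https-only' }],
      } },
    },
    LogBucket: { Type: 'AWS::S3::Bucket' },
  },
};

const sampleFindings = findBehaviorsMissingPolicy(sampleTemplate, POLICY_ID);
console.log(sampleFindings);
```
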