AWS::CloudFront::ResponseHeadersPolicy - AWS CloudFormation

AWS::CloudFront::ResponseHeadersPolicy

A response headers policy.

A response headers policy contains information about a set of HTTP response headers.

After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy.

For more information, see Adding or removing HTTP headers in CloudFront responses in the Amazon CloudFront Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::CloudFront::ResponseHeadersPolicy", "Properties" : { "ResponseHeadersPolicyConfig" : ResponseHeadersPolicyConfig } }

YAML

Type: AWS::CloudFront::ResponseHeadersPolicy Properties: ResponseHeadersPolicyConfig: ResponseHeadersPolicyConfig

Properties

ResponseHeadersPolicyConfig

A response headers policy configuration.

Required: Yes

Type: ResponseHeadersPolicyConfig

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the response headers policy ID. For example: 57f99797-3b20-4e1b-a728-27972a74082a.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The unique identifier for the response headers policy. For example: 57f99797-3b20-4e1b-a728-27972a74082a.

LastModifiedTime

The date and time when the response headers policy was last modified.

Examples

Create a response headers policy

The following example creates a response headers policy.

JSON

{ "Resources": { "MyResponseHeadersPolicy": { "Type": "AWS::CloudFront::ResponseHeadersPolicy", "Properties": { "ResponseHeadersPolicyConfig": { "Name": { "Fn::Join": [ "-", [ "canary-response-header-policy", { "Fn::Select": [ 0, { "Fn::Split": [ "-", { "Fn::Select": [ 2, { "Fn::Split": [ "/", { "Ref": "AWS::StackId" } ] } ] } ] } ] } ] ] }, "Comment": "Sample Comment", "CorsConfig": { "AccessControlAllowCredentials": true, "AccessControlAllowHeaders": { "Items": ["Header1"] }, "AccessControlAllowMethods": { "Items": ["GET", "POST"] }, "AccessControlAllowOrigins": { "Items": ["example1.com", "example2.com", "example3.com"] }, "AccessControlExposeHeaders": { "Items": [ "ExposeHeader1", "ExposeHeader2", "ExposeHeader3", "ExposeHeader4" ] }, "AccessControlMaxAgeSec": 1200, "OriginOverride": true }, "CustomHeadersConfig": { "Items": [ { "Header": "HeaderX", "Override": true, "Value": "ValueX" }, { "Header": "HeaderY", "Override": true, "Value": "ValueY" } ] }, "RemoveHeadersConfig": { "Items": [ { "Header": "RemoveHeaderX" }, { "Header": "RemoveHeaderY" } ] }, "SecurityHeadersConfig": { "ContentSecurityPolicy": { "ContentSecurityPolicy": "MyPolicy", "Override": true }, "ContentTypeOptions": { "Override": true }, "FrameOptions": { "FrameOption": "SAMEORIGIN", "Override": true }, "ReferrerPolicy": { "ReferrerPolicy": "origin-when-cross-origin", "Override": true }, "StrictTransportSecurity": { "AccessControlMaxAgeSec": 2400, "IncludeSubdomains": true, "Override": true, "Preload": true }, "XSSProtection": { "ModeBlock": true, "Override": true, "Protection": true } } } } } } }

YAML

Resources: ABCDE1FGHI: MyWaitConditionHandle: Type: AWS::CloudFormation::WaitConditionHandle MyResponseHeadersPolicy: Type: AWS::CloudFront::ResponseHeadersPolicy Properties: ResponseHeadersPolicyConfig: Name: !Join - "-" - - "canary-response-header-policy" - !Select - 0 - !Split - "-" - !Select - 2 - !Split - "/" - !Ref "AWS::StackId" Comment: "Sample Comment" CorsConfig: AccessControlAllowCredentials: true AccessControlAllowHeaders: Items: - "Header1" AccessControlAllowMethods: Items: - "GET" - "POST" AccessControlAllowOrigins: Items: - "example1.com" - "example2.com" - "example3.com" AccessControlExposeHeaders: Items: - "ExposeHeader1" - "ExposeHeader2" - "ExposeHeader3" - "ExposeHeader4" AccessControlMaxAgeSec: 1200 OriginOverride: true CustomHeadersConfig: Items: - Header: "HeaderX" Override: true Value: "ValueX" - Header: "HeaderY" Override: true Value: "ValueY" RemoveHeadersConfig: Items: - Header: "RemoveHeaderX" - Header: "RemoveHeaderY" SecurityHeadersConfig: ContentSecurityPolicy: ContentSecurityPolicy: "MyPolicy" Override: true ContentTypeOptions: Override: true FrameOptions: FrameOption: "SAMEORIGIN" Override: true ReferrerPolicy: ReferrerPolicy: "origin-when-cross-origin" Override: true StrictTransportSecurity: AccessControlMaxAgeSec: 2400 IncludeSubdomains: true Override: true Preload: true XSSProtection: ModeBlock: true Override: true Protection: true RHPolicyWaiterCustomResource: Type: AWS::CloudFormation::CustomResource DeletionPolicy: Retain Properties: ServiceToken: !ImportValue RHPolicyLambdaWaiter WaitSeconds: 300