HTTP targets in VPC Lattice
HTTP requests and HTTP responses use header fields to send information about the HTTP
messages. HTTP headers are added automatically. Header fields are colon-separated
name-value pairs that are separated by a carriage return (CR) and a line feed (LF). A
standard set of HTTP header fields is defined in RFC 2616, Message
Headersx-forwarded
prefix.
x-forwarded headers
Amazon VPC Lattice adds the following x-forwarded headers:
- x-forwarded-for – The source IP address.
- x-forwarded-for-port – The destination port.
- x-forwarded-for-proto – The connection protocol (http | https).
Caller identity headers
Amazon VPC Lattice adds the following caller identity headers:
- x-amzn-lattice-identity – The identity information.
  The following fields are present if AWS authentication is successful.
  - Principal – The authenticated principal.
  - PrincipalOrgID – The ID of the organization for the authenticated principal.
  - SessionName – The name of the authenticated session.
  The following fields are present if Roles Anywhere credentials are used and authentication is successful.
  - X509Issuer/OU – The issuer (OU).
  - X509SAN/DNS – The subject alternative name (DNS).
  - X509SAN/NameCN – The issuer alternative name (Name/CN).
  - X509SAN/URI – The subject alternative name (URI).
  - X509Subject/CN – The subject name (CN).
- x-amzn-lattice-network – The VPC. The format is as follows.
  SourceVpcArn=arn:aws:ec2:region:account:vpc/id
- x-amzn-lattice-target – The target. The format is as follows.
  ServiceArn=arn;ServiceNetworkArn=arn;TargetGroupArn=arn
For information about the resource ARNs for VPC Lattice, see Resource types defined by Amazon VPC Lattice.
The caller identity headers can't be spoofed. VPC Lattice strips these headers from any incoming requests.
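The following added example (not code from the VPC Lattice documentation) shows how a target could parse the caller identity headers and make a fail-closed authorization decision on PrincipalOrgID and SourceVpcArn. It assumes that x-amzn-lattice-identity uses the same semicolon-separated Key=value layout shown above for x-amzn-lattice-target and that the target is reachable only through VPC Lattice; the function names and sample values are constructed for illustration.

```python
# Added example: parse the VPC Lattice caller headers on the target side.
# Assumption: x-amzn-lattice-identity uses the same "Key=value;Key=value"
# layout the page shows for x-amzn-lattice-target.

def parse_lattice_header(value):
    """Split 'Key=value;Key=value' into a dict; reject malformed or repeated keys."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, val = part.partition("=")
        key = key.strip()
        if not sep or not key or key in fields:
            raise ValueError(f"malformed lattice header field: {part!r}")
        fields[key] = val.strip()
    return fields


def caller_context(headers):
    """Collect identity, network and target fields from a request's headers."""
    lower = {k.lower(): v for k, v in headers.items()}
    return {
        name: parse_lattice_header(lower.get("x-amzn-lattice-" + name, ""))
        for name in ("identity", "network", "target")
    }


def is_allowed(headers, allowed_org_ids, allowed_vpc_arns):
    """Allow only authenticated callers from an expected organization and VPC."""
    try:
        ctx = caller_context(headers)
    except ValueError:
        return False  # fail closed on anything we cannot parse
    identity, network = ctx["identity"], ctx["network"]
    if "Principal" not in identity:
        return False  # identity fields are present only after successful auth
    return (identity.get("PrincipalOrgID") in allowed_org_ids
            and network.get("SourceVpcArn") in allowed_vpc_arns)


# Constructed sample request headers (placeholder account, org and VPC ids).
SAMPLE = {
    "x-amzn-lattice-identity": "Principal=arn:aws:sts::111122223333:assumed-role/app/s1;"
                               "PrincipalOrgID=o-exampleorg;SessionName=s1",
    "x-amzn-lattice-network": "SourceVpcArn=arn:aws:ec2:us-east-1:111122223333:vpc/vpc-0example",
    "X-Amzn-Lattice-Target": "ServiceArn=arn;ServiceNetworkArn=arn;TargetGroupArn=arn",
}
```

A request with no Principal field is treated as unauthenticated and denied, as is any header value with a repeated or malformed field.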