Skip to content
This repository has been archived by the owner on Sep 26, 2021. It is now read-only.

Latest commit

 

History

History

cloudfront-security-headers

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
index.js
index.js
 
 
test-event.json
test-event.json
 
 

README.md

cloudfront-security-headers

AWS Lambda@Edge function to add common security headers for static content served via CloudFront.

Setup

IAM role creation

Create a new IAM role with the name aws-lambda-edge-execution-role and the following trust relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["lambda.amazonaws.com", "edgelambda.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Function configuration

Add the function code to AWS Lambda in the US East (N. Virginia) region with the following configuration options:

Key Value
Runtime Node.js 10.x
Handler index.handler
Role aws-lambda-edge-execution-role
Memory 128 (MB)
Timeout 3 sec

Next publish a version of the function and copy its Lambda Function ARN.

CloudFront configuration

In the behavior settings of the CloudFront distribution, add a new Lambda Function Association with the Event Type Origin Response and the Lambda Function ARN copied from the function configuration.
Save your edits and wait until the new settings have been deployed.

License

Released under the MIT license.

Author

Sebastian Tschan