aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicy

class ResponseHeadersPolicy (construct)

Language | Type name
.NET | Amazon.CDK.AWS.CloudFront.ResponseHeadersPolicy
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseHeadersPolicy
Java | software.amazon.awscdk.services.cloudfront.ResponseHeadersPolicy
Python | aws_cdk.aws_cloudfront.ResponseHeadersPolicy
TypeScript (source) | aws-cdk-lib » aws_cloudfront » ResponseHeadersPolicy

Implements IConstruct, IDependable, IResource, IResponseHeadersPolicy

A Response Headers Policy configuration.

Example

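import { Duration } from 'aws-cdk-lib';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// Using an existing managed response headers policy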
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
  },
});

// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
  responseHeadersPolicyName: 'MyPolicy',
  comment: 'A default policy',
  corsBehavior: {
    accessControlAllowCredentials: false,
    accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlAllowMethods: ['GET', 'POST'],
    accessControlAllowOrigins: ['*'],
    accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlMaxAge: Duration.seconds(600),
    originOverride: true,
  },
  customHeadersBehavior: {
    customHeaders: [
      { header: 'X-Amz-Date', value: 'some-value', override: true },
      { header: 'X-Amz-Security-Token', value: 'some-value', override: false },
    ],
  },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
    referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
    strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
    // CloudFront does not accept a reportUri when modeBlock is true, so modeBlock is false here
    xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
  },
  removeHeaders: ['Server'],
  serverTimingSamplingRate: 50,
});
new cloudfront.Distribution(this, 'myDistCustomPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: myResponseHeadersPolicy,
  },
});
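
An added example (not part of the CDK documentation or the CDK code base): a pre-deployment review check over a plain-object mirror of the corsBehavior and securityHeadersBehavior props shown above. The `*Like` types, `reviewPolicy`, `maxAgeSeconds` and the one-year HSTS threshold are assumptions made for this illustration.

```typescript
// Hypothetical *Like types mirror this page's props; durations are plain seconds, not cdk.Duration.
type Override = { override: boolean };
type SecurityLike = {
  contentSecurityPolicy?: Override & { contentSecurityPolicy: string };
  contentTypeOptions?: Override;
  frameOptions?: Override & { frameOption: string };
  strictTransportSecurity?: Override & { maxAgeSeconds: number; includeSubdomains?: boolean };
  xssProtection?: Override & { protection: boolean; modeBlock?: boolean; reportUri?: string };
};
type PolicyLike = {
  corsBehavior?: { accessControlAllowCredentials: boolean; accessControlAllowOrigins: string[] };
  securityHeadersBehavior?: SecurityLike;
};
const MIN_HSTS_SECONDS = 31536000; // assumption: one-year baseline; set to your own standard

function reviewPolicy(p: PolicyLike): string[] {
  const findings: string[] = [];
  const cors = p.corsBehavior;
  if (cors && cors.accessControlAllowOrigins.indexOf('*') !== -1) {
    findings.push(cors.accessControlAllowCredentials
      ? 'cors: wildcard origin with credentials is rejected by browsers'
      : 'cors: wildcard origin, confirm every response on this behavior is public');
  }
  const sec = p.securityHeadersBehavior;
  if (!sec) return findings.concat('security: no securityHeadersBehavior configured');
  // override=false means a header sent by the origin replaces the policy value.
  const check = (name: string, cfg?: Override) => {
    if (!cfg) findings.push(`${name}: not configured`);
    else if (!cfg.override) findings.push(`${name}: override is false, an origin-supplied header wins`);
  };
  check('contentSecurityPolicy', sec.contentSecurityPolicy);
  check('contentTypeOptions', sec.contentTypeOptions);
  check('frameOptions', sec.frameOptions);
  check('strictTransportSecurity', sec.strictTransportSecurity);
  const hsts = sec.strictTransportSecurity;
  if (hsts && hsts.maxAgeSeconds < MIN_HSTS_SECONDS) findings.push(`hsts: max-age ${hsts.maxAgeSeconds}s is below ${MIN_HSTS_SECONDS}s`);
  // CloudFront does not accept a reportUri together with modeBlock: true.
  const xss = sec.xssProtection;
  if (xss && xss.modeBlock && xss.reportUri) findings.push('xss: reportUri set while modeBlock is true');
  return findings;
}
// Constructed sample input (not a deployed policy).
const samplePolicy: PolicyLike = {
  corsBehavior: { accessControlAllowCredentials: false, accessControlAllowOrigins: ['*'] },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: 'DENY', override: false },
    strictTransportSecurity: { maxAgeSeconds: 600, includeSubdomains: true, override: true },
    xssProtection: { protection: true, modeBlock: true, reportUri: 'https://example.com/csp-report', override: true },
  },
};
const sampleFindings = reviewPolicy(samplePolicy);
```

Running the same check in CI against the values passed to `new cloudfront.ResponseHeadersPolicy(...)` catches a weakened header before the distribution is updated.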

Initializer

new ResponseHeadersPolicy(scope: Construct, id: string, props?: ResponseHeadersPolicyProps)

Parameters

  • scope Construct
  • id string
  • props ResponseHeadersPolicyProps

Construct Props

Name | Type | Description
comment? | string | A comment to describe the response headers policy.
corsBehavior? | ResponseHeadersCorsBehavior | A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
customHeadersBehavior? | ResponseCustomHeadersBehavior | A configuration for a set of custom HTTP response headers.
removeHeaders? | string[] | A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.
responseHeadersPolicyName? | string | A unique name to identify the response headers policy.
securityHeadersBehavior? | ResponseSecurityHeadersBehavior | A configuration for a set of security-related HTTP response headers.
serverTimingSamplingRate? | number | The percentage of responses that you want CloudFront to add the Server-Timing header to.

comment?

Type: string (optional, default: no comment)

A comment to describe the response headers policy.


corsBehavior?

Type: ResponseHeadersCorsBehavior (optional, default: no cors behavior)

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).


customHeadersBehavior?

Type: ResponseCustomHeadersBehavior (optional, default: no custom headers behavior)

A configuration for a set of custom HTTP response headers.


removeHeaders?

Type: string[] (optional, default: no headers are removed)

A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.


responseHeadersPolicyName?

Type: string (optional, default: generated from the id)

A unique name to identify the response headers policy.


securityHeadersBehavior?

Type: ResponseSecurityHeadersBehavior (optional, default: no security headers behavior)

A configuration for a set of security-related HTTP response headers.


serverTimingSamplingRate?

Type: number (optional, default: no Server-Timing header is added to HTTP responses)

The percentage of responses that you want CloudFront to add the Server-Timing header to.

Properties

Name | Type | Description
env | ResourceEnvironment | The environment this resource belongs to.
node | Node | The tree node.
responseHeadersPolicyId | string | The ID of the response headers policy.
stack | Stack | The stack in which this resource is defined.
static CORS_ALLOW_ALL_ORIGINS | IResponseHeadersPolicy | Use this managed policy to allow simple CORS requests from any origin.
static CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT | IResponseHeadersPolicy | Use this managed policy to allow CORS requests from any origin, including preflight requests.
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.
static SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


responseHeadersPolicyId

Type: string

The ID of the response headers policy.


stack

Type: Stack

The stack in which this resource is defined.


static CORS_ALLOW_ALL_ORIGINS

Type: IResponseHeadersPolicy

Use this managed policy to allow simple CORS requests from any origin.


static CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS

Type: IResponseHeadersPolicy

Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.


static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT

Type: IResponseHeadersPolicy

Use this managed policy to allow CORS requests from any origin, including preflight requests.


static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS

Type: IResponseHeadersPolicy

Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.


static SECURITY_HEADERS

Type: IResponseHeadersPolicy

Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.

Methods

Name | Description
applyRemovalPolicy(policy) | Apply the given removal policy to this resource.
toString() | Returns a string representation of this construct.
static fromResponseHeadersPolicyId(scope, id, responseHeadersPolicyId) | Import an existing Response Headers Policy from its ID.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromResponseHeadersPolicyId(scope, id, responseHeadersPolicyId)

public static fromResponseHeadersPolicyId(scope: Construct, id: string, responseHeadersPolicyId: string): IResponseHeadersPolicy

Parameters

  • scope Construct
  • id string
  • responseHeadersPolicyId string

Returns

  • IResponseHeadersPolicy

Import an existing Response Headers Policy from its ID.