Resource: aws_cloudfront_response_headers_policy

Provides a CloudFront response headers policy resource. A response headers policy contains information about a set of HTTP response headers and their values. After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it’s attached to a cache behavior, CloudFront adds the headers in the policy to every response that it sends for requests that match the cache behavior.

Example Usage

The example below creates a CloudFront response headers policy.

resource "aws_cloudfront_response_headers_policy" "example" {
  name    = "example-policy"
  comment = "test comment"

  cors_config {
    access_control_allow_credentials = true

    access_control_allow_headers {
      items = ["test"]
    }

    access_control_allow_methods {
      items = ["GET"]
    }

    access_control_allow_origins {
      items = ["test.example.comtest"]
    }

    origin_override = true
  }
}

The example below creates a CloudFront response headers policy with a custom headers config.

resource "aws_cloudfront_response_headers_policy" "example" {
  name = "example-headers-policy"

  custom_headers_config {
    items {
      header   = "X-Permitted-Cross-Domain-Policies"
      override = true
      value    = "none"
    }

    items {
      header   = "X-Test"
      override = true
      value    = "none"
    }
  }
}

The example below creates a CloudFront response headers policy with a custom headers config and server timing headers config.

resource "aws_cloudfront_response_headers_policy" "example" {
  name = "example-headers-policy"

  custom_headers_config {
    items {
      header   = "X-Permitted-Cross-Domain-Policies"
      override = true
      value    = "none"
    }
  }

  server_timing_headers_config {
    enabled       = true
    sampling_rate = 50
  }
}

Argument Reference

This resource supports the following arguments:

Cors Config

Custom Header

Remove Header

Security Headers Config

Content Security Policy

Content Type Options

Frame Options

Referrer Policy

Strict Transport Security

XSS Protection

Server Timing Headers Config

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Cloudfront Response Headers Policies using the id. For example:

import {
  to = aws_cloudfront_response_headers_policy.policy
  id = "658327ea-f89d-4fab-a63d-7e88639e58f9"
}

Using terraform import, import Cloudfront Response Headers Policies using the id. For example:

% terraform import aws_cloudfront_response_headers_policy.policy 658327ea-f89d-4fab-a63d-7e88639e58f9