bap*_*pak 4 amazon-web-services aws-cdk
CloudFrontWebDistribution我的 AWS CDK 基础设施代码中有一个 打字稿:
const cloudFrontDistribution = new cloudfront.CloudFrontWebDistribution(this, 'distribution', {
originConfigs: [
{
s3OriginSource: {
s3BucketSource: webBucket,
originAccessIdentity: originAccessIdentity,
},
behaviors : [ {
isDefaultBehavior: true,
defaultTtl: Duration.seconds(1),
lambdaFunctionAssociations: [
{
eventType: LambdaEdgeEventType.VIEWER_REQUEST,
lambdaFunction: midwayEdgeFunction.currentVersion,
},
]
},
]
}
],
defaultRootObject: 'index.html',
viewerCertificate: cloudfront.ViewerCertificate.fromAcmCertificate(props.certificate, {
aliases: [props.stageProps.cloud_front_domain_name],
sslMethod: cloudfront.SSLMethod.SNI,
securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2019
}),
viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.HTTPS_ONLY,
loggingConfig: {
bucket: logBucket,
includeCookies: true,
prefix: 'cflogs/'
}
});
我想为此发行版启用安全标头托管策略(请参阅此处)。但是,我只看到 aws cdk 文档针对Distribution对象执行此操作,而不是针对CloudFrontWebDistribution对象。
如何对CloudFrontWebDistributionAWS CDK 中的对象启用安全标头的托管响应标头策略?
获取对底层 L1构造的逃生舱口CfnDistribution引用。然后,使用ResponseHeadersPolicy.SECURITY_HEADERS静态方法手动设置DefaultCacheBehaviorResponseHeadersPolicyId的属性:
const cfnDistribution = cloudFrontDistribution.node.defaultChild as cloudfront.CfnDistribution;
cfnDistribution.addPropertyOverride(
'DistributionConfig.DefaultCacheBehavior.ResponseHeadersPolicyId',
cloudfront.ResponseHeadersPolicy.SECURITY_HEADERS.responseHeadersPolicyId
);
| 归档时间: |
|
| 查看次数: |
1496 次 |
| 最近记录: |