Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Is it possible to view the cloudformation of managed Response Headers Policies?

0

I need to enhance a ManagedSecurityPolicy and add more to it, but I can't view the actual cloudformation. Is it possible to do this?

I am looking at the policy Policy ID: 67f7725c-6f97-4210-82d7-5512b31e9d03 at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-response-headers-policies.html

This managed one is good but it is missing Content Security Policy items which I want to add on.

Temas
Gestión y gobiernoRedes y entrega de contenidoAWS Well-Architected Framework
Etiquetas
AWS CloudFormationAmazon CloudFrontSeguridad
Idioma
English
AWSKid2k
preguntada hace 2 años563 visualizaciones
1 Respuesta
2
Respuesta aceptada

You will need to create your own custom policy. You can describe the managed policy in the CLI to get the JSON output that you can use in your custom policy in CloudFormation

See:

aws cloudfront get-response-headers-policy --id 67f7725c-6f97-4210-82d7-5512b31e9d03

{
    "ETag": "E23ZP02F085DFQ",
    "ResponseHeadersPolicy": {
        "Id": "67f7725c-6f97-4210-82d7-5512b31e9d03",
        "LastModifiedTime": "1970-01-01T00:00:00+00:00",
        "ResponseHeadersPolicyConfig": {
            "Comment": "Adds a set of security headers to every response",
            "Name": "Managed-SecurityHeadersPolicy",
            "SecurityHeadersConfig": {
                "XSSProtection": {
                    "Override": false,
                    "Protection": true,
                    "ModeBlock": true
                },
                "FrameOptions": {
                    "Override": false,
                    "FrameOption": "SAMEORIGIN"
                },
                "ReferrerPolicy": {
                    "Override": false,
                    "ReferrerPolicy": "strict-origin-when-cross-origin"
                },
                "ContentSecurityPolicy": {},
                "ContentTypeOptions": {
                    "Override": true
                },
                "StrictTransportSecurity": {
                    "Override": false,
                    "AccessControlMaxAgeSec": 31536000
                }
            }
        }
    }
}
profile pictureAWS
EXPERTO
Matt-B
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante