When deploying from code pipeline using codebuild, I am getting some extra headers on the S3 objects with information about codebuild. These headers show information such as codebuild arn including the account id. I feel this is too sensitive information to make public. Is there any way not to have these headers on S3 and thus make it public?
I have looked into S3deployaction of the CDK which I am using to deploy but there are no properties controlling these headers. There doesn't seem much information about these headers on the documentation pages also. Below are the headers which are showing up on the browser when the files are loaded from S3.
x-amz-meta-codebuild-content-sha256: _________
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:_____:build/CodeBuild______-_____:_____
x-amz-meta-codebuild-content-md5: _____
AWS公式更新しました 3年前
There is no option like that in pipeline deployment action. So to this I need to create a lambda function after deploy stage and recursively remove those headers from each object. I was hoping that there is a more straightforward mechanism.