How not to have codebuild headers on s3 files deployed from pipeline?


When deploying from code pipeline using codebuild, I am getting some extra headers on the S3 objects with information about codebuild. These headers show information such as codebuild arn including the account id. I feel this is too sensitive information to make public. Is there any way not to have these headers on S3 and thus make it public?

I have looked into S3deployaction of the CDK which I am using to deploy but there are no properties controlling these headers. There doesn't seem much information about these headers on the documentation pages also. Below are the headers which are showing up on the browser when the files are loaded from S3.

x-amz-meta-codebuild-content-sha256: _________
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:_____:build/CodeBuild______-_____:_____
x-amz-meta-codebuild-content-md5: _____
1 Answer

Hmm quick idea, can you override those headers while deploying?

profile picture
answered a year ago
  • There is no option like that in pipeline deployment action. So to this I need to create a lambda function after deploy stage and recursively remove those headers from each object. I was hoping that there is a more straightforward mechanism.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions