By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How not to have codebuild headers on s3 files deployed from pipeline?

1

When deploying from code pipeline using codebuild, I am getting some extra headers on the S3 objects with information about codebuild. These headers show information such as codebuild arn including the account id. I feel this is too sensitive information to make public. Is there any way not to have these headers on S3 and thus make it public?

I have looked into S3deployaction of the CDK which I am using to deploy but there are no properties controlling these headers. There doesn't seem much information about these headers on the documentation pages also. Below are the headers which are showing up on the browser when the files are loaded from S3.

x-amz-meta-codebuild-content-sha256: _________
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:_____:build/CodeBuild______-_____:_____
x-amz-meta-codebuild-content-md5: _____
Topics
Developer ToolsStorage
Tags
AWS CodeBuildAmazon Simple Storage ServiceAWS CodePipeline
Language
English
hello world
asked 2 years ago671 views
1 Answer
0

Hmm quick idea, can you override those headers while deploying?

profile picture
MG
answered 2 years ago
  • hello world
    2 years ago

    There is no option like that in pipeline deployment action. So to this I need to create a lambda function after deploy stage and recursively remove those headers from each object. I was hoping that there is a more straightforward mechanism.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content