By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CloudFront Function

1

Hi,
I'm trying to create a CloudFormation stack that deploys a CloudFront Function.
The specific code is:

AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFront Test Function
Resources:
  ResponseFunction:
    Type: 'AWS::CloudFront::Function'
    Properties:
      Name: !Sub '${AWS::StackName}-response'
      AutoPublish: true
      FunctionCode: |
        function handler(event) {
            var response = event.response;
            var headers = response.headers;
            headers\['strict-transport-security'] = {value: 'max-age=63072000; includeSubDomains; preload'};
            headers\['content-security-policy'] = {value: "default-src 'none';"};
            headers\['x-content-type-options'] = {value: 'nosniff'};
            headers\['x-frame-options'] = {value: 'DENY'};
            headers\['x-xss-protection'] = {value: '1; mode=block'};
            headers\['referrer-policy'] = {value: 'same-origin'};
            return response;
        }

Trying to deploy it fails with a not-useful error:
Resource handler returned message: "null" (RequestToken: 278d458f-5016-4b68-f156-2eee41d00f94, HandlerErrorCode: InternalFailure)

Has anyone any idea on the issue or how to fix it?

Thanks a lot,
Fale

Edited by: Fale on Jun 4, 2021 2:40 AM

Topics
Networking & Content Delivery
Tags
Amazon CloudFront
Language
English
Fale
asked 3 years ago669 views
2 Answers
2

Just got of the lie with AWS support

if you specify the function code you also need to specify the function config

[pre]
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFront Test Function
Resources:
ResponseFunction:
Type: 'AWS::CloudFront::Function'
Properties:
Name: !Sub '${AWS::StackName}-response'
AutoPublish: true
FunctionConfig:
Comment: !Sub '${AWS::StackName} Security Headers'
Runtime: cloudfront-js-1.0
FunctionCode: |
function handler(event) {
var response = event.response;
var headers = response.headers;
headers['strict-transport-security'] = {value: 'max-age=63072000; includeSubDomains; preload'};
headers['content-security-policy'] = {value: "default-src 'none';"};
headers['x-content-type-options'] = {value: 'nosniff'};
headers['x-frame-options'] = {value: 'DENY'};
headers['x-xss-protection'] = {value: '1; mode=block'};
headers['referrer-policy'] = {value: 'same-origin'};
return response;
}
[/pre]

The error message is less than helpful!

Edited by: ryan-bennett on Jun 23, 2021 6:26 PM

ryan-bennett
answered 3 years ago
0

Thanks a lot, it worked!

Fale
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content