Hi,
I'm using the official CloudFront-provided response YAML to generate a response header policy and it is not working. It gives an error:
"An error occurred (InconsistentQuantities) when calling the CreateResponseHeadersPolicy operation: The specified quantity of Allow Origin (0) does not match the actual quantity supplied (1)."
I am using the CLI option here https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/creating-response-headers-policies.html and using the command:
```
aws cloudfront create-response-headers-policy --generate-cli-skeleton yaml-input > response-headers-policy.yaml
```
I then edit the .yaml and try to generate (step 3), but I get an error.
*I have tried with my edited template and the stock provided template (no modifications) but it still gives that error.*
Can anyone provide insight?
Here is my edited template:
```yaml
ResponseHeadersPolicyConfig: # [REQUIRED] Contains metadata about the response headers policy, and a set of configurations that specify the response headers.
  Comment: 'Custom Security Headers Policy' # A comment to describe the response headers policy.
  Name: 'BlockXFrames-SecurityHeadersPolicy' # [REQUIRED] A name to identify the response headers policy.
  CorsConfig: # A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
    AccessControlAllowOrigins: # [REQUIRED] A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
      Quantity: 0 # [REQUIRED] The number of origins in the list.
      Items: # [REQUIRED] The list of origins (domain names).
      - ''
    AccessControlAllowHeaders: # [REQUIRED] A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
      Quantity: 0 # [REQUIRED] The number of HTTP header names in the list.
      Items: # [REQUIRED] The list of HTTP header names.
      - ''
    AccessControlAllowMethods: # [REQUIRED] A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
      Quantity: 0 # [REQUIRED] The number of HTTP methods in the list.
      Items: # [REQUIRED] The list of HTTP methods.
      - POST
    AccessControlAllowCredentials: true # [REQUIRED] A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
    AccessControlExposeHeaders: # A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
      Quantity: 0 # [REQUIRED] The number of HTTP headers in the list.
      Items: # The list of HTTP headers.
      - ''
    AccessControlMaxAgeSec: 0 # A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
    OriginOverride: true # [REQUIRED] A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
  SecurityHeadersConfig: # A configuration for a set of security-related HTTP response headers.
    XSSProtection: # Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.
      Override: false # [REQUIRED] A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
      Protection: true # [REQUIRED] A Boolean that determines the value of the X-XSS-Protection HTTP response header.
      ModeBlock: true # A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
      ReportUri: '' # A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.
    FrameOptions: # Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.
      Override: true # [REQUIRED] A Boolean that determines whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.
      FrameOption: DENY # [REQUIRED] The value of the X-Frame-Options HTTP response header. Valid values are: DENY, SAMEORIGIN.
    ReferrerPolicy: # Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.
      Override: false # [REQUIRED] A Boolean that determines whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.
      ReferrerPolicy: strict-origin-when-cross-origin # [REQUIRED] The value of the Referrer-Policy HTTP response header. Valid values are: no-referrer, no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url.
    ContentSecurityPolicy: # The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
      Override: true # [REQUIRED] A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.
      ContentSecurityPolicy: frame-ancestors 'none' # [REQUIRED] The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
    ContentTypeOptions: # Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
      Override: true # [REQUIRED] A Boolean that determines whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.
    StrictTransportSecurity: # Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.
      Override: false # [REQUIRED] A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.
      IncludeSubdomains: true # A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
      Preload: true # A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
      AccessControlMaxAgeSec: 31536000 # [REQUIRED] A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
  CustomHeadersConfig: # A configuration for a set of custom HTTP response headers.
    Quantity: 0 # [REQUIRED] The number of HTTP response headers in the list.
    Items: # The list of HTTP response headers and their values.
    - Header: '' # [REQUIRED] The HTTP response header name.
      Value: '' # [REQUIRED] The value for the HTTP response header.
      Override: true # [REQUIRED] A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here.
  ServerTimingHeadersConfig: # A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront.
    Enabled: true # [REQUIRED] A Boolean that determines whether CloudFront adds the Server-Timing header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
    SamplingRate: 0.0 # A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to.
```
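
The InconsistentQuantities error quoted above reports a `Quantity` that differs from the number of entries supplied under `Items`. As an added example (not part of the original post and not AWS code), this Python check walks a policy document and lists every such pair before the file is sent to the API; the function name is hypothetical, and the sample is a constructed dict mirroring the `CorsConfig` and `CustomHeadersConfig` sections of the posted template as a YAML loader would return them.

```python
"""Pre-flight check for Quantity/Items pairs in a CloudFront policy document."""


def find_quantity_mismatches(node, path=""):
    """Return (path, declared_quantity, actual_item_count) for every mapping
    whose Quantity differs from the length of its Items list."""
    mismatches = []
    if isinstance(node, dict):
        if "Quantity" in node:
            items = node.get("Items") or []  # a missing Items counts as zero entries
            if node["Quantity"] != len(items):
                mismatches.append((path, node["Quantity"], len(items)))
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            mismatches.extend(find_quantity_mismatches(value, child))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            mismatches.extend(find_quantity_mismatches(value, f"{path}[{index}]"))
    return mismatches


# Constructed sample: part of the posted template as a loaded dict.
# The skeleton's '' placeholders are list entries, so each counts as one item.
SAMPLE_POLICY = {
    "ResponseHeadersPolicyConfig": {
        "Name": "BlockXFrames-SecurityHeadersPolicy",
        "CorsConfig": {
            "AccessControlAllowOrigins": {"Quantity": 0, "Items": [""]},
            "AccessControlAllowHeaders": {"Quantity": 0, "Items": [""]},
            "AccessControlAllowMethods": {"Quantity": 0, "Items": ["POST"]},
            "AccessControlAllowCredentials": True,
            "AccessControlExposeHeaders": {"Quantity": 0, "Items": [""]},
            "AccessControlMaxAgeSec": 0,
            "OriginOverride": True,
        },
        "CustomHeadersConfig": {
            "Quantity": 0,
            "Items": [{"Header": "", "Value": "", "Override": True}],
        },
    }
}

if __name__ == "__main__":
    for where, declared, actual in find_quantity_mismatches(SAMPLE_POLICY):
        print(f"{where}: Quantity={declared}, Items supplied={actual}")
```
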