CloudFront Function

Question

Hi,  
I'm trying to create a CloudFormation stack that deploys a CloudFront Function.  
The specific code is:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFront Test Function
Resources:
  ResponseFunction:
    Type: 'AWS::CloudFront::Function'
    Properties:
      Name: !Sub '${AWS::StackName}-response'
      AutoPublish: true
      FunctionCode: |
        function handler(event) {
            var response = event.response;
            var headers = response.headers;
            headers\['strict-transport-security'] = {value: 'max-age=63072000; includeSubDomains; preload'};
            headers\['content-security-policy'] = {value: "default-src 'none';"};
            headers\['x-content-type-options'] = {value: 'nosniff'};
            headers\['x-frame-options'] = {value: 'DENY'};
            headers\['x-xss-protection'] = {value: '1; mode=block'};
            headers\['referrer-policy'] = {value: 'same-origin'};
            return response;
        }
```

Trying to deploy it fails with a not-useful error:  
Resource handler returned message: "null" (RequestToken: 278d458f-5016-4b68-f156-2eee41d00f94, HandlerErrorCode: InternalFailure)  
  
Has anyone any idea on the issue or how to fix it?  
  
Thanks a lot,  
Fale  
  
Edited by: Fale on Jun 4, 2021 2:40 AM

Answer

Just got of the lie with AWS support  
  
if you specify the function code you also need to specify the function config   
  
\[pre]  
AWSTemplateFormatVersion: "2010-09-09"  
Description: CloudFront Test Function  
Resources:  
  ResponseFunction:  
    Type: 'AWS::CloudFront::Function'  
    Properties:  
      Name: !Sub '${AWS::StackName}-response'  
      AutoPublish: true  
      FunctionConfig:  
        Comment: !Sub '${AWS::StackName} Security Headers'  
        Runtime: cloudfront-js-1.0  
      FunctionCode: |  
        function handler(event) {  
            var response = event.response;  
            var headers = response.headers;  
            headers\['strict-transport-security'] = {value: 'max-age=63072000; includeSubDomains; preload'};  
            headers\['content-security-policy'] = {value: "default-src 'none';"};  
            headers\['x-content-type-options'] = {value: 'nosniff'};  
            headers\['x-frame-options'] = {value: 'DENY'};  
            headers\['x-xss-protection'] = {value: '1; mode=block'};  
            headers\['referrer-policy'] = {value: 'same-origin'};  
            return response;  
        }  
\[/pre]  
  
The error message is less than helpful!  
  
Edited by: ryan-bennett on Jun 23, 2021 6:26 PM

Answer

Thanks a lot, it worked!

CloudFront Function

相關內容