update security custom header

Question

Hi team,

I want to modify a custom header value in a CF origin with lambda. this lambda should read the value from the secret manager and update the value of the custom header in Cf accordingly.

is this achievable via a lambda function?

Thank you!

Answer

Hi,

This is a use case which could be solved using [Lambda@Edge](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions.html). The blog post [How to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager](https://aws.amazon.com/blogs/security/how-to-enhance-amazon-cloudfront-origin-security-with-aws-waf-and-aws-secrets-manager/) demonstrates a similar scenario, adding a custom header with a value from Secrets Manager. One area to pay attention to is the selection of the [CloudFront event](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-edge-add-triggers.html) used to trigger your Lambda function. Some events can be used to trigger the function on **every** request while others may only execute the function when CloudFront forwards a request to the origin, i.e. when the requested object is not in the CloudFront cache.

update security custom header

相關內容