https://github.com/lupus-metallum/terraform-aws-cloudfront-security-headers
Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.
https://github.com/lupus-metallum/terraform-aws-cloudfront-security-headers
aws aws-lambda cloudfront lambda-edge security terraform terraform-module web-security
Last synced: 3 days ago
JSON representation
Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.
- Host: GitHub
- URL: https://github.com/lupus-metallum/terraform-aws-cloudfront-security-headers
- Owner: Lupus-Metallum
- License: apache-2.0
- Created: 2021-04-20T07:22:43.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2022-10-25T22:28:41.000Z (over 3 years ago)
- Last Synced: 2026-05-05T04:14:03.210Z (2 months ago)
- Topics: aws, aws-lambda, cloudfront, lambda-edge, security, terraform, terraform-module, web-security
- Language: HCL
- Homepage: https://registry.terraform.io/modules/Lupus-Metallum/cloudfront-security-headers/aws/latest
- Size: 26.4 KB
- Stars: 2
- Watchers: 0
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# terraform-aws-cloudfront-security-headers
Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.
## Example
``` terraform
module "security_headers" {
source = "Lupus-Metallum/cloudfront-security-headers/aws"
version = "3.0.0"
name = "AddSecurityHeaders"
access_control_allow_methods = "POST, GET, OPTIONS"
access_control_allow_origin = "https://example.com"
content_security_policy = "default-src 'self:'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; object-src 'none'"
referrer_policy = "same-origin"
strict_transport_security = "max-age=63072000; includeSubdomains; preload"
x_content_type_options = "nosniff"
x_frame_options = "DENY"
x_xss_protection = "1; mode=block"
feature_policy = ""
}
```

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | n/a |
## Resources
| Name | Type |
|------|------|
| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#input\_name) | Name to use for resource names created by this module | `string` | n/a | yes |
| [access\_control\_allow\_methods](#input\_access\_control\_allow\_methods) | Value to use for the Access-Control-Allow-Methods header, when not provided this header is omitted. | `string` | `""` | no |
| [access\_control\_allow\_origin](#input\_access\_control\_allow\_origin) | Value to use for the Access-Control-Allow-Origin header, when not provided this header is omitted. | `string` | `""` | no |
| [content\_security\_policy](#input\_content\_security\_policy) | Value to use for the Content-Security-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [description](#input\_description) | Description to use for resource description created by this module | `string` | `"Adds security headers for Cloudfront"` | no |
| [feature\_policy](#input\_feature\_policy) | Value to use for the Feature-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [referrer\_policy](#input\_referrer\_policy) | Value to use for the Referrer-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [strict\_transport\_security](#input\_strict\_transport\_security) | Value to use for the Strict-Transport-Security header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_content\_type\_options](#input\_x\_content\_type\_options) | Value to use for the X-Content-Type-Options header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_frame\_options](#input\_x\_frame\_options) | Value to use for the X-Frame-Options header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_xss\_protection](#input\_x\_xss\_protection) | Value to use for the X-XSS-Protection header, when not provided this header is omitted. | `string` | `""` | no |
## Outputs
| Name | Description |
|------|-------------|
| [arn](#output\_arn) | n/a |