An open API service indexing awesome lists of open source software.

https://github.com/lupus-metallum/terraform-aws-cloudfront-security-headers

Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.
https://github.com/lupus-metallum/terraform-aws-cloudfront-security-headers

aws aws-lambda cloudfront lambda-edge security terraform terraform-module web-security

Last synced: 3 days ago
JSON representation

Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.

Awesome Lists containing this project

README

          

# terraform-aws-cloudfront-security-headers
Terraform module to create a Lambda@Edge function to add best practice security headers and support HSTS preload requirements.

## Example
``` terraform
module "security_headers" {
source = "Lupus-Metallum/cloudfront-security-headers/aws"
version = "3.0.0"
name = "AddSecurityHeaders"
access_control_allow_methods = "POST, GET, OPTIONS"
access_control_allow_origin = "https://example.com"
content_security_policy = "default-src 'self:'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; object-src 'none'"
referrer_policy = "same-origin"
strict_transport_security = "max-age=63072000; includeSubdomains; preload"
x_content_type_options = "nosniff"
x_frame_options = "DENY"
x_xss_protection = "1; mode=block"
feature_policy = ""
}
```

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_cloudfront_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_function) | resource |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#input\_name) | Name to use for resource names created by this module | `string` | n/a | yes |
| [access\_control\_allow\_methods](#input\_access\_control\_allow\_methods) | Value to use for the Access-Control-Allow-Methods header, when not provided this header is omitted. | `string` | `""` | no |
| [access\_control\_allow\_origin](#input\_access\_control\_allow\_origin) | Value to use for the Access-Control-Allow-Origin header, when not provided this header is omitted. | `string` | `""` | no |
| [content\_security\_policy](#input\_content\_security\_policy) | Value to use for the Content-Security-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [description](#input\_description) | Description to use for resource description created by this module | `string` | `"Adds security headers for Cloudfront"` | no |
| [feature\_policy](#input\_feature\_policy) | Value to use for the Feature-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [referrer\_policy](#input\_referrer\_policy) | Value to use for the Referrer-Policy header, when not provided this header is omitted. | `string` | `""` | no |
| [strict\_transport\_security](#input\_strict\_transport\_security) | Value to use for the Strict-Transport-Security header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_content\_type\_options](#input\_x\_content\_type\_options) | Value to use for the X-Content-Type-Options header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_frame\_options](#input\_x\_frame\_options) | Value to use for the X-Frame-Options header, when not provided this header is omitted. | `string` | `""` | no |
| [x\_xss\_protection](#input\_x\_xss\_protection) | Value to use for the X-XSS-Protection header, when not provided this header is omitted. | `string` | `""` | no |

## Outputs

| Name | Description |
|------|-------------|
| [arn](#output\_arn) | n/a |