Update aws_cloudfront_distribution.tf
jjcallis committed Sep 25, 2023
1 parent c309e8a commit 5cbc6d4
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions aws_cloudfront_distribution.tf
@@ -40,6 +40,8 @@ resource "aws_cloudfront_distribution" "s3_distribution" {

#caching
default_cache_behavior {
response_headers_policy_id = aws_cloudfront_response_headers_policy.security_headers_policy.id

min_ttl = var.cloudfront_cache_min_ttl
default_ttl = var.cloudfront_cache_default_ttl
max_ttl = var.cloudfront_cache_max_ttl
@@ -93,3 +95,41 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
}

resource "aws_cloudfront_origin_access_identity" "current" {}

resource "aws_cloudfront_response_headers_policy" "security_headers_policy" {
name = "${var.distribution_name}-cloudfront-security-headers-policy"
security_headers_config {
# https://infosec.mozilla.org/guidelines/web_security#x-content-type-options
# content_type_options {
# override = true
# }
# https://infosec.mozilla.org/guidelines/web_security#x-frame-options
frame_options {
frame_option = "DENY"
override = true
}
# https://infosec.mozilla.org/guidelines/web_security#referrer-policy
# referrer_policy {
# referrer_policy = "same-origin"
# override = true
# }
# https://infosec.mozilla.org/guidelines/web_security#content-security-policy
# xss_protection {
# mode_block = true
# protection = true
# override = true
# }
# https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security
strict_transport_security {
access_control_max_age_sec = "63072000"
include_subdomains = true
preload = true
override = true
}
# https://infosec.mozilla.org/guidelines/web_security#content-security-policy
# content_security_policy {
# content_security_policy = "frame-ancestors 'none'; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'"
# override = true
# }
}
}
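Review bot: The `strict_transport_security` block hard-codes `include_subdomains = true` and `preload = true` with a two-year max-age and `override = true`, so every distribution built from this configuration sends a preload-eligible HSTS header that also binds all subdomains of the serving host. That is hard to roll back once browsers have cached it or the domain is on a preload list, and the hunk does not show whether every subdomain is HTTPS-only. I would gate both flags behind variables defaulting to false (for example `preload = var.hsts_preload`, a new variable this commit does not define) and pass the max-age as a number, `access_control_max_age_sec = 63072000`. Separately, `content_type_options` is left commented out although `nosniff` is the lowest-risk header in the list; enabling it with `content_type_options { override = true }` and either removing the other commented blocks or tracking them in an issue would make the policy's intent clearer. The comment above the disabled `xss_protection` block also links to the content-security-policy anchor rather than the X-XSS-Protection one.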
