response_headers_policies

Creates, updates, deletes or gets a response_headers_policy resource or lists response_headers_policies in a region

Overview

Name	`response_headers_policies`
Type	Resource
Description	A response headers policy. A response headers policy contains information about a set of HTTP response headers. After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy. For more information, see Adding or removing HTTP headers in CloudFront responses in the Amazon CloudFront Developer Guide.
Id	`awscc.cloudfront.response_headers_policies`

Fields

get (all properties)
list (identifiers only)

Name	Datatype	Description
`id`	`string`
`last_modified_time`	`string`
▶`response_headers_policy_config`	`object`	A response headers policy configuration.
`region`	`string`	AWS region.

Name	Datatype	Description
`id`	`string`
`region`	`string`	AWS region.

For more information, see AWS::CloudFront::ResponseHeadersPolicy.

Methods

Name	Resource	Accessible by	Required Params
`create_resource`	`response_headers_policies`	`INSERT`	`ResponseHeadersPolicyConfig, region`
`delete_resource`	`response_headers_policies`	`DELETE`	`Identifier, region`
`update_resource`	`response_headers_policies`	`UPDATE`	`Identifier, PatchDocument, region`
`list_resources`	`response_headers_policies_list_only`	`SELECT`	`region`
`get_resource`	`response_headers_policies`	`SELECT`	`Identifier, region`

`SELECT` examples

get (all properties)
list (identifiers only)

Gets all properties from an individual response_headers_policy.

SELECT
  region,
  id,
  last_modified_time,
  response_headers_policy_config
FROM awscc.cloudfront.response_headers_policies
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ id }}';

Lists all response_headers_policies in a region.

SELECT
  region,
  id
FROM awscc.cloudfront.response_headers_policies_list_only
WHERE
  region = 'us-east-1';

`INSERT` example

Use the following StackQL query and manifest file to create a new response_headers_policy resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO awscc.cloudfront.response_headers_policies (
  ResponseHeadersPolicyConfig,
  region
)
SELECT
  '{{ response_headers_policy_config }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

/*+ create */
INSERT INTO awscc.cloudfront.response_headers_policies (
  ResponseHeadersPolicyConfig,
  region
)
SELECT
  '{{ response_headers_policy_config }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
  value: '{{ vars.AWS_REGION }}'
resources:
- name: response_headers_policy
  props:
    - name: response_headers_policy_config
      value:
        comment: '{{ comment }}'
        cors_config:
          access_control_allow_credentials: '{{ access_control_allow_credentials }}'
          access_control_allow_headers:
            items:
              - '{{ items[0] }}'
          access_control_allow_methods:
            items:
              - '{{ items[0] }}'
          access_control_allow_origins:
            items:
              - '{{ items[0] }}'
          access_control_expose_headers:
            items:
              - '{{ items[0] }}'
          access_control_max_age_sec: '{{ access_control_max_age_sec }}'
          origin_override: '{{ origin_override }}'
        custom_headers_config:
          items:
            - header: '{{ header }}'
              override: '{{ override }}'
              value: '{{ value }}'
        name: '{{ name }}'
        remove_headers_config:
          items:
            - header: '{{ header }}'
        security_headers_config:
          content_security_policy:
            content_security_policy: '{{ content_security_policy }}'
            override: '{{ override }}'
          content_type_options:
            override: '{{ override }}'
          frame_options:
            frame_option: '{{ frame_option }}'
            override: '{{ override }}'
          referrer_policy:
            override: '{{ override }}'
            referrer_policy: '{{ referrer_policy }}'
          strict_transport_security:
            access_control_max_age_sec: '{{ access_control_max_age_sec }}'
            include_subdomains: '{{ include_subdomains }}'
            override: '{{ override }}'
            preload: '{{ preload }}'
          x_ss_protection:
            mode_block: '{{ mode_block }}'
            override: '{{ override }}'
            protection: '{{ protection }}'
            report_uri: '{{ report_uri }}'
        server_timing_headers_config:
          enabled: '{{ enabled }}'
          sampling_rate: null

`UPDATE` example

Use the following StackQL query and manifest file to update a response_headers_policy resource, using stack-deploy.

/*+ update */
UPDATE awscc.cloudfront.response_headers_policies
SET PatchDocument = string('{{ {
    "ResponseHeadersPolicyConfig": response_headers_policy_config
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ id }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

`DELETE` example

/*+ delete */
DELETE FROM awscc.cloudfront.response_headers_policies
WHERE
  Identifier = '{{ id }}' AND
  region = 'us-east-1'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

Parameter	Description
`ClientToken`	A unique identifier to ensure the idempotency of the resource request. This allows the provider to accurately distinguish between retries and new requests. A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request.
`RoleArn`	The ARN of the IAM role used to perform this resource operation. The role specified must have the permissions required for this operation. If you do not specify a role, a temporary session is created using your AWS user credentials.
`TypeVersionId`	For private resource types, the type version to use in this resource operation. If you do not specify a resource version, the default version is used.

Permissions

To operate on the response_headers_policies resource, the following permissions are required:

Create
Delete
List
Read
Update

cloudfront:CreateResponseHeadersPolicy

cloudfront:DeleteResponseHeadersPolicy,
cloudfront:GetResponseHeadersPolicy

cloudfront:ListResponseHeadersPolicies

cloudfront:GetResponseHeadersPolicy

cloudfront:UpdateResponseHeadersPolicy,
cloudfront:GetResponseHeadersPolicy

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

UPDATE example​

DELETE example​

Additional Parameters​

Permissions​