ResponseHeadersPolicy is the Schema for the ResponseHeadersPolicies API
Type
CRD
Group
cloudfront.aws.crossplane.io
Version
v1alpha1
apiVersion: cloudfront.aws.crossplane.io/v1alpha1
kind: ResponseHeadersPolicy
ResponseHeadersPolicySpec defines the desired state of ResponseHeadersPolicy
ResponseHeadersPolicyParameters defines the desired state of ResponseHeadersPolicy
Contains metadata about the response headers policy, and a set of configurations that specify the HTTP headers.
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
For more information about CORS, see Cross-Origin Resource Sharing (CORS) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs.
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
For more information about the Access-Control-Allow-Headers HTTP response header, see Access-Control-Allow-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs.
No description provided.
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
For more information about the Access-Control-Allow-Methods HTTP response header, see Access-Control-Allow-Methods (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs.
No description provided.
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
For more information about the Access-Control-Allow-Origin HTTP response header, see Access-Control-Allow-Origin (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs.
No description provided.
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
For more information about the Access-Control-Expose-Headers HTTP response header, see Access-Control-Expose-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs.
No description provided.
A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.
Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs.
Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.
For more information about the X-Frame-Options HTTP response header, see X-Frame-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.
Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.
For more information about the Referrer-Policy HTTP response header, see Referrer-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.
Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.
For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs.
Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.
For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. CloudFront adds this header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
You can use the Server-Timing header to view metrics that can help you gain insights about the behavior and performance of CloudFront. For example, you can see which cache layer served a cache hit, or the first byte latency from the origin when there was a cache miss. You can use the metrics in the Server-Timing header to troubleshoot issues or test the efficiency of your CloudFront configuration. For more information, see Server-Timing header (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#server-timing-header) in the Amazon CloudFront Developer Guide.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
ResponseHeadersPolicyStatus defines the observed state of ResponseHeadersPolicy.
ResponseHeadersPolicyObservation defines the observed state of ResponseHeadersPolicy
Contains a response headers policy.
A response headers policy configuration.
A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers.
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
For more information about CORS, see Cross-Origin Resource Sharing (CORS) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs.
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
For more information about the Access-Control-Allow-Headers HTTP response header, see Access-Control-Allow-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs.
No description provided.
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
For more information about the Access-Control-Allow-Methods HTTP response header, see Access-Control-Allow-Methods (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs.
No description provided.
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
For more information about the Access-Control-Allow-Origin HTTP response header, see Access-Control-Allow-Origin (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs.
No description provided.
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
For more information about the Access-Control-Expose-Headers HTTP response header, see Access-Control-Expose-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs.
No description provided.
A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.
Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs.
Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.
For more information about the X-Frame-Options HTTP response header, see X-Frame-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.
Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.
For more information about the Referrer-Policy HTTP response header, see Referrer-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.
Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.
For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs.
Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.
For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. CloudFront adds this header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
You can use the Server-Timing header to view metrics that can help you gain insights about the behavior and performance of CloudFront. For example, you can see which cache layer served a cache hit, or the first byte latency from the origin when there was a cache miss. You can use the metrics in the Server-Timing header to troubleshoot issues or test the efficiency of your CloudFront configuration. For more information, see Server-Timing header (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#server-timing-header) in the Amazon CloudFront Developer Guide.
Conditions of the resource.
ezgi-response-headers-policy
apiVersion: cloudfront.aws.crossplane.io/v1alpha1
kind: ResponseHeadersPolicy
metadata:
name: ezgi-response-headers-policy
spec:
forProvider:
region: us-east-1
responseHeadersPolicyConfig:
comment: Example CloudFront Response Header Policy
corsConfig:
accessControlAllowCredentials: true
accessControlAllowHeaders:
items:
- test
accessControlAllowMethods:
items:
- GET
accessControlAllowOrigins:
items:
- test.example.comtest
originOverride: true
providerConfigRef:
name: example