You have a CloudFront distribution that has an S3 bucket as the origin.
There is a requirement to add security headers to the HTTP responses before they are relayed back to the clients.
How can you achieve this?
Answer - B.
One of the AWS Blogs mentions the following.
Lambda@Edge provides the ability to execute a Lambda function at an Amazon CloudFront Edge Location.
This capability enables intelligent processing of HTTP requests at locations that are close (for the purposes of latency) to your customers.
To get started, you simply upload your code (Lambda function written in Node.js) and pick one of the CloudFront behaviors associated with your distribution.
All other options are incorrect since none of these will help meet the requirement.
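The Lambda@Edge approach from answer B, sketched as an added example (not code from this page or from the AWS blog): a Node.js handler that sets security headers on the response CloudFront receives from the S3 origin. The header values, the `addSecurityHeaders` helper, the choice of the origin-response trigger and the sample event are assumptions made for illustration.

```javascript
'use strict';

// Illustrative values for a static S3-backed site (assumptions, not from the
// page); tune the Content-Security-Policy to the content you actually serve.
const SECURITY_HEADERS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Referrer-Policy': 'same-origin',
};

// CloudFront represents headers as a map keyed by the lowercase header name;
// each entry is an array of { key, value } objects.
function addSecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    // Overwrite rather than append, so a value stored as S3 object metadata
    // cannot weaken the policy or produce duplicate headers.
    headers[name.toLowerCase()] = [{ key: name, value }];
  }
  return response;
}

// Lambda@Edge entry point. Attached to the origin-response trigger of the
// cache behavior, the modified response is what CloudFront caches and serves.
const handler = async (event) => addSecurityHeaders(event.Records[0].cf.response);

if (typeof module !== 'undefined') module.exports = { handler, addSecurityHeaders };

// Constructed sample event, trimmed to the fields the handler reads.
const sampleEvent = {
  Records: [{ cf: { response: {
    status: '200',
    statusDescription: 'OK',
    headers: {
      'content-type': [{ key: 'Content-Type', value: 'text/html' }],
      'x-frame-options': [{ key: 'X-Frame-Options', value: 'ALLOWALL' }],
    },
  } } }],
};
```

After deployment, `curl -sI` against the distribution's domain shows whether the headers reach the viewer.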
For more information on adding security headers using Lambda@Edge, see the following URL.
https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/
To add security headers to HTTP responses in a CloudFront distribution with an S3 bucket origin, there are several possible options:
A. Change the Behavior of the origin: CloudFront behaviors determine how CloudFront handles user requests and the origin's responses. By changing the behavior of the origin, we can configure CloudFront to add security headers to the HTTP responses. To achieve this, you can follow these steps:
B. Create a Lambda function that will run on the edge: AWS Lambda lets you run code in response to events in AWS services such as CloudFront. You can use Lambda@Edge to add security headers to HTTP responses. To do so, follow these steps:
C. Make sure that the Viewer protocol is set to HTTPS: By default, CloudFront uses HTTPS to communicate with viewers. If the viewer protocol is set to HTTP, CloudFront will not add security headers to the HTTP response. To ensure that the viewer protocol is set to HTTPS, follow these steps:
D. Create an OAI for the CloudFront distribution: An Origin Access Identity (OAI) is a virtual user that Amazon CloudFront uses to fetch private content from an S3 bucket. By creating an OAI and using it to secure access to the S3 bucket, you can add security headers to HTTP responses. To achieve this, follow these steps:
Overall, any of these four options can be used to add security headers to HTTP responses in a CloudFront distribution with an S3 bucket origin. The choice depends on the specific requirements and constraints of your use case.