
@alfredlucero
Created August 14, 2020 22:06
Security Headers Terraform - CloudFront Module Lambda Resource
# ...CloudFront/S3 resources/policies
# Lambda Edge Role
# Execution role for the Lambda@Edge function. Its trust policy lets the
# Lambda and Lambda@Edge service principals assume the role.
# NOTE(review): no permissions policy is attached in this snippet; whatever is
# attached elsewhere should stay minimal (a header-injecting function normally
# needs little beyond writing its own logs) - confirm against the full module.
resource "aws_iam_role" "lambda_edge_role" {
  name = "${var.lambda_edge_role_name}"

  # Trust (assume-role) policy only: it controls WHO may assume the role,
  # not what the role is allowed to do once assumed.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com",
"edgelambda.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
# Aliased AWS provider pinned to us-east-1. Lambda@Edge functions have to be
# created in that region; CloudFront then replicates them to edge locations.
provider "aws" {
  region = "us-east-1"
  alias  = "lambda-edge"
}
# Lambda@Edge function for the CloudFront distribution. Judging by its name it
# sets security response headers; the handler code itself is not shown here.
resource "aws_lambda_function" "edge_security_headers_lambda" {
  # Created through the aliased us-east-1 provider rather than the default one.
  provider = "aws.lambda-edge"

  function_name = "${var.security_headers_lambda_function_name}"
  role          = "${aws_iam_role.lambda_edge_role.arn}"
  handler       = "${var.security_headers_lambda_handler}"

  # NOTE(review): Node.js 12 is past end-of-life and AWS Lambda has deprecated
  # this runtime; switch to a currently supported Node.js runtime before reuse.
  runtime = "nodejs12.x"

  # Deployment package and its hash, both read from the
  # security_headers_lambda_zip map variable. The hash is a change trigger
  # (update only when the code changes), not a signature or integrity check.
  filename         = "${var.security_headers_lambda_zip["output_path"]}"
  source_code_hash = "${var.security_headers_lambda_zip["output_base64sha256"]}"

  # Makes Terraform publish a new numbered version of the function.
  # NOTE(review): CloudFront associations need a versioned ARN rather than
  # $LATEST; the association itself is not part of this snippet.
  publish = "true"
}