Last active
August 2, 2019 07:16
-
-
Save samm-git/a0ecf71f55005d8b9318440bbb319c1e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lambda @ edge code to use CloudFront as transparent proxy for the ECR | |
| from urllib.parse import urlparse | |
| def lambda_handler(event, context): | |
| response = event['Records'][0]['cf']['response'] | |
| # we need to fix Location response, but only if it redirects us to Orgin | |
| # use try/catch to avoid exception if not set | |
| try: | |
| if(event['Records'][0]['cf']['request']['origin']['custom']['domainName']==urlparse(response["headers"]["location"][0]["value"]).netloc): | |
| response["headers"]["location"][0]["value"] = urlparse(response["headers"]["location"][0]["value"]).path | |
| except KeyError: | |
| pass | |
| ## Also fix www-authenticate header if exists to not expose ECR name | |
| try: | |
| response["headers"]["www-authenticate"][0]["value"] = 'Basic realm="Docker Registry"' | |
| except KeyError: | |
| pass | |
| # disable caching entirerly, just in case | |
| response["headers"]["expires"]=[{'key': 'Expires', 'value': '0'}] | |
| response["headers"]["pragma"]=[{'key': 'Pragma', 'value': 'no-cache'}] | |
| response["headers"]["cache-control"]=[{'key': 'Cache-Control', 'value': 'no-cache, no-store, must-revalidate, max-age=0'}] | |
| return response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment