OptionalcloudfrontOptionaldomainList of domain names the CloudFront distribution should use.
OptionaloverrideCloudfront behavior overrides.
Used to override cloudfront behavior
NOTE: ResponseHeadersPolicy defined here will overwrite BOTH the default security headers policy and any values specified in securityHeaders.behaviorOverrides.
OptionaloverrideDistribution props overrides.
Used to override default (AWS or Liflig) configuration
OptionalsecurityEnable, disable or configure security headers for the web application
OptionalbehaviorOverrides?: Partial<Security headers overrides.
Used to override certain default security header values if the webapp requires different settings than the defaults.
NOTE: If you need to disable certain headers, you must explicitly set them to undefined
Optionalenabled?: booleanEnable adding common security headers to CloudFront responses
If enabled, the default behavior is to add the following headers with fairly strict defaults. Most of the headers can be customized:
OptionalwebThe path to the page that will be served for users not allowed to access the site when using WAF. E.g. "/4xx-errors/403-forbidden.html".
Note that this wil catch any 403 errors from the origin(s), that might cover any other behaviors is added.
OptionalwebAWS WAF web ACL to associate with the CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a.
To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.
ACM certificate that covers the specifeid domain names.
This certificate must be created in the region us-east-1.