security

In November 2021, AWS announced Response Headers Policies — native support of response headers in CloudFront. You can read the full announcement here: Amazon CloudFront introduces Response Headers Policies I said “native” because previously you could set response headers either using CloudFront Functions or Lambda@Edge. And one of the common use cases for that was to set security headers. Now you don’t need to add intermediate requests processing to modify the headers: CloudFront does that for you with no additional fee....

In November 2021, AWS has added this functionality as a native CloudFront feature. I suggest switching to the native implementation. I have described how to configure Security Response Headers for CloudFront in the following article: Apply Cloudfront Security Headers With Terraform A couple of weeks ago, AWS released CloudFront Functions — a “true edge” compute capability for the CloudFront. It is “true edge” because Functions work on 200+ edge locations (link to doc) while its predecessor, the Lambda@Edge, runs on a small number of regional edge caches....

Lookup plugins for Ansible allow you to do a lot of cool things. One of them is to securely pass sensitive information to your playbooks. If you manage some apps in AWS with Ansible, then using Parameter Store or Secrets Manager along with it might greatly improve your security. Variables with SSM Parameter Store Let’s say you have some variables defined in ‘defaults/main.yaml’ file of your role or maybe in group_vars....