Add additional headers and variables

Lupus-Metallum · Sep 17, 2021 · 61431e1 · 61431e1
1 parent b1529bc
commit 61431e1
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 20 deletions.
diff --git a/main.tf b/main.tf
@@ -55,8 +55,28 @@ resource "aws_iam_role_policy_attachment" "execution_role" {
 
 data "archive_file" "this" {
   type        = "zip"
-  source_file = "${path.module}/src/index.js"
   output_path = "${path.module}/deploy.zip"
+  source {
+    content = templatefile("${path.module}/src/index.js.tpl", {
+      add_access_control_allow_origin    = length(var.access_control_allow_origin) > 0 ? true : false,
+      access_control_allow_origin_value  = var.access_control_allow_origin,
+      add_access_control_allow_methods   = length(var.access_control_allow_methods) > 0 ? true : false,
+      access_control_allow_methods_value = var.access_control_allow_methods,
+      add_strict_transport_security      = length(var.strict_transport_security) > 0 ? true : false,
+      strict_transport_security_value    = var.strict_transport_security,
+      add_content_security_policy        = length(var.content_security_policy) > 0 ? true : false,
+      content_security_policy_value      = var.content_security_policy,
+      add_x_content_type_options         = length(var.x_content_type_options) > 0 ? true : false,
+      x_content_type_options_value       = var.x_content_type_options,
+      add_x_frame_options                = length(var.x_frame_options) > 0 ? true : false,
+      x_frame_options_value              = var.x_frame_options,
+      add_x_xss_protection               = length(var.x_xss_protection) > 0 ? true : false,
+      x_xss_protection_value             = var.x_xss_protection,
+      add_referrer_policy                = length(var.referrer_policy) > 0 ? true : false,
+      referrer_policy_value              = var.referrer_policy,
+    })
+    filename = "index.js"
+  }
 }
 
 resource "aws_lambda_function" "this" {

diff --git a/src/index.js b/src/index.js
diff --git a/src/index.js.tpl b/src/index.js.tpl
@@ -0,0 +1,44 @@
+'use strict';
+exports.handler = (event, context, callback) => {
+    
+    //Get contents of response
+    const response = event.Records[0].cf.response;
+    const headers = response.headers;
+
+    //Set new headers 
+    const addAccessControlAllowOrigin = ${add_access_control_allow_origin}
+    if ( ${add_access_control_allow_origin} == true ) {
+        headers['access-control-allow-origin'] = [{key: 'Access-Control-Allow-Origin', value: '${access_control_allow_origin_value}'}]; 
+    }
+    const addAccessControlAllowMethods = ${add_access_control_allow_methods}
+    if (addAccessControlAllowMethods) {
+        headers['access-control-allow-methods'] = [{key: 'Access-Control-Allow-Methods', value: '${access_control_allow_methods_value}'}]; 
+    }
+    const addStrictTransportSecurity = ${add_strict_transport_security}
+    if (addStrictTransportSecurity) {
+        headers['strict-transport-security'] = [{key: 'Strict-Transport-Security', value: '${strict_transport_security_value}'}]; 
+    }
+    const addContentSecurityPolicy = ${add_content_security_policy}
+    if (addContentSecurityPolicy) {
+        headers['content-security-policy'] = [{key: 'Content-Security-Policy', value: "${content_security_policy_value}"}]; 
+    }
+    const addXContentTypeOptions = ${add_x_content_type_options}
+    if (addXContentTypeOptions) {
+        headers['x-content-type-options'] = [{key: 'X-Content-Type-Options', value: '${x_content_type_options_value}'}]; 
+    }
+    const addXFrameOptions = ${add_x_frame_options}
+    if (addXFrameOptions) {
+        headers['x-frame-options'] = [{key: 'X-Frame-Options', value: '${x_frame_options_value}'}]; 
+    }
+    const addXXssProtection = ${add_x_xss_protection}
+    if (addXXssProtection) {
+        headers['x-xss-protection'] = [{key: 'X-XSS-Protection', value: '${x_xss_protection_value}'}]; 
+    }
+    const addReferrerPolicy = ${add_referrer_policy}
+    if (addReferrerPolicy) {
+        headers['referrer-policy'] = [{key: 'Referrer-Policy', value: '${referrer_policy_value}'}]; 
+    }
+
+    //Return modified response
+    callback(null, response);
+};
diff --git a/variables.tf b/variables.tf
@@ -23,6 +23,54 @@ variable "timeout" {
 
 variable "memory_size" {
   type        = number
-  default     = 128
+  default     = 32
   description = "Memory to use for Lambda, defaults to 128mb"
+}
+
+variable "access_control_allow_origin" {
+  type        = string
+  default     = ""
+  description = "Value to use for the Access-Control-Allow-Origin header, when not provided this header is omitted."
+}
+
+variable "access_control_allow_methods" {
+  type        = string
+  default     = ""
+  description = "Value to use for the Access-Control-Allow-Methods header, when not provided this header is omitted."
+}
+
+variable "strict_transport_security" {
+  type        = string
+  default     = ""
+  description = "Value to use for the Strict-Transport-Security header, when not provided this header is omitted."
+}
+
+variable "content_security_policy" {
+  type        = string
+  default     = ""
+  description = "Value to use for the Content-Security-Policy header, when not provided this header is omitted."
+}
+
+variable "x_content_type_options" {
+  type        = string
+  default     = ""
+  description = "Value to use for the X-Content-Type-Options header, when not provided this header is omitted."
+}
+
+variable "x_frame_options" {
+  type        = string
+  default     = ""
+  description = "Value to use for the X-Frame-Options header, when not provided this header is omitted."
+}
+
+variable "x_xss_protection" {
+  type        = string
+  default     = ""
+  description = "Value to use for the X-XSS-Protection header, when not provided this header is omitted."
+}
+
+variable "referrer_policy" {
+  type        = string
+  default     = ""
+  description = "Value to use for the Referrer-Policy header, when not provided this header is omitted."
 }