Lambda@EDGE Add index.html to request

Node 8

'use strict';
exports.handler = (event, context, callback) => {
 
    // Extract the request from the CloudFront event that is sent to Lambda@Edge 
    var request = event.Records[0].cf.request;
 
    // Extract the URI from the request
    var olduri = request.uri;
 
    // Match any '/' that occurs at the end of a URI. Replace it with a default index
    var newuri = olduri.replace(/\/$/, '\/index.html');
 
    // Log the URI as received by CloudFront and the new URI to be used to fetch from origin
    console.log("Old URI: " + olduri);
    console.log("New URI: " + newuri);
 
    // Replace the received URI with the URI that includes the index page
    request.uri = newuri;
 
    // Return to CloudFront
    return callback(null, request);
 
};
Posted in Web

Lambda@EDGE Security Headers

Node 8

'use strict';
exports.handler = (event, context, callback) => {
 
    //Get contents of response
    const response = event.Records[0].cf.response;
    const headers = response.headers;
 
//Set new headers 
 headers['strict-transport-security'] = [{key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload'}]; 
 headers['content-security-policy'] = [{key: 'Content-Security-Policy', value: "default-src 'self' 'unsafe-inline' 'unsafe-eval'"}];
 headers['x-content-type-options'] = [{key: 'X-Content-Type-Options', value: 'nosniff'}]; 
 headers['x-frame-options'] = [{key: 'X-Frame-Options', value: 'DENY'}]; 
 headers['x-xss-protection'] = [{key: 'X-XSS-Protection', value: '1; mode=block'}]; 
 headers['referrer-policy'] = [{key: 'Referrer-Policy', value: 'same-origin'}];
 headers['x-custom-header'] = [{key: 'X-Custom-Header', value: 'SH_V1'}];
 headers['cache-control'] = [{key: 'Cache-Control', value: 'no-store'}];
 headers['feature-policy'] = [{key: 'Feature-Policy', value: "microphone 'self'"}];
 headers['expect-ct'] = [{key: 'Expect-CT', value: 'enforce, max-age=30'}];
 
    //Return modified response
    callback(null, response);
};
Posted in Web

Python Cloudfront Invalidation Script

#!/usr/bin/env python3
 
from datetime import tzinfo, timedelta, datetime, date, timezone
import boto3
 
cf = boto3.client('cloudfront')
 
timestamp=str(datetime.timestamp(datetime.today()))
 
distributions=cf.list_distributions()
 
if distributions['DistributionList']['Quantity'] > 0:
  for distribution in distributions['DistributionList']['Items']:
    print("Distribution Id: " + distribution['Id'])
    print("Time: " + timestamp)
    cf.create_invalidation(
        DistributionId=distribution['Id'],
        InvalidationBatch={
            'Paths': {
                'Quantity': 1,
                'Items': [
                    '/*',
                ]
            },
            'CallerReference': timestamp
        }
    )
else:
   print("Error - No CloudFront Distributions Detected.")