@@ -286,7 +286,8 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
286286 cached_methods = " GET" " HEAD"
287287 target_origin_id = . s3_origin_id
288288
289- cache_policy_id = . headers_based_policy . id
289+ cache_policy_id = . headers_based_policy . id
290+ origin_request_policy_id = . headers_based_policy . id
290291
291292 viewer_protocol_policy = " redirect-to-https"
292293 min_ttl = 0
@@ -325,7 +326,8 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
325326 cached_methods = " GET" " HEAD"
326327 target_origin_id = . s3_origin_id
327328
328- cache_policy_id = . headers_based_policy . id
329+ cache_policy_id = . headers_based_policy . id
330+ origin_request_policy_id = . headers_based_policy . id
329331
330332 min_ttl = 0
331333 default_ttl = 3600
@@ -412,6 +414,25 @@ resource "aws_cloudfront_cache_policy" "headers_based_policy" {
412414 }
413415}
414416
417+ resource "aws_cloudfront_origin_request_policy" "headers_based_policy" {
418+ name = " OriginHeadersBasedPolicy"
419+ comment = " This policy forwards specific headers to the origin"
420+ headers_config {
421+ header_behavior = " whitelist"
422+ headers {
423+ items = " User-Agent"
424+ }
425+ }
426+
427+ cookies_config {
428+ cookie_behavior = " none"
429+ }
430+
431+ query_strings_config {
432+ query_string_behavior = " none"
433+ }
434+ }
435+
415436
416437#
417438# ECS & Workloads
@@ -725,7 +746,8 @@ resource "aws_cloudfront_distribution" "visit_counter" {
725746 cached_methods = " GET" " HEAD"
726747 target_origin_id = " visit-counter-ecs"
727748
728- cache_policy_id = . headers_based_policy . id
749+ cache_policy_id = . headers_based_policy . id
750+ origin_request_policy_id = . headers_based_policy . id
729751
730752 viewer_protocol_policy = " redirect-to-https"
731753 min_ttl = 0
0 commit comments