cloudformation-coverage-roadmap icon indicating copy to clipboard operation
cloudformation-coverage-roadmap copied to clipboard

Published 20 hours ago verified publisher icon aws-cloudformation

Support for CloudFront functions tags via CloudFormation

Open dmartinezrubio opened this issue 2 years ago • 2 comments
trafficstars

Name of the resource

AWS::CloudFront::Function

Resource name

No response

Description

Customer would like to deploy their CF configuration but they would need to add tags on CFF

Other Details

No response

dmartinezrubio avatar May 30 '23 15:05 dmartinezrubio

Cloudfront Functions are often used as Layer 7 credential validation due to it's scalability of over 10.000.000 RPS per Edge Location. Due to this, we need to restrict access to function based on tags (ABAC). As the function is handling encryption keys, it is critical for us to lock it away.

This request would support that, as ABAC is not optimal without Tags. See https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html

pwlnpro avatar Jul 16 '24 11:07 pwlnpro

@yimipeng sorry for the personal mention, but can this be relabeled as coverage? Thanks! <3

Didn't manage to find a guide on how to use the bot here (if even possible)

pwlnpro avatar Jul 16 '24 12:07 pwlnpro