HTTP response headers can now be customized via Lambda@edge functions. Please see http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html for the documentation. To try this, create a new lambda function in the AWS console. Choose 'Edge Nodge.js 4.3' for the language and look for the cloudfront-modify-response-header template. If you do this, Lambda will ask you which CloudFront distribution and event to apply the function to. Note that you can edit or change this at any time by going to the Cloudfront behavior tab.
I have just tried this and a couple of notes:
There is no longer specific edge nodejs runtime, but the lambda needs to be created in the N Virginia region and triggered by cloudfront origin-response or viewer-response.
The code out of the box doesnt seem to work any more. It gives ERR_CONTENT_DECODING_FAILED.
You can now add custom HTTP response headers (including CORS and security headers like HSTS) natively in CloudFront—without modifying your origin or writing functions. If you go to Policies > Response headers in the console, you can create a reusable policy with your configuration then attach it to one or more cache behaviors where you would like those headers added. This is also available via the API, CLI, SDK, and so forth.
An update on this...
HTTP response headers can now be customized via Lambda@edge functions. Please see http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html for the documentation. To try this, create a new lambda function in the AWS console. Choose 'Edge Nodge.js 4.3' for the language and look for the cloudfront-modify-response-header template. If you do this, Lambda will ask you which CloudFront distribution and event to apply the function to. Note that you can edit or change this at any time by going to the Cloudfront behavior tab.
Here's an example lambda function...
It is not currently possible, see https://forums.aws.amazon.com/thread.jspa?threadID=162252 for a discussion about it.
Edit: Lambda@Edge has made it possible, see below.
To add to Andrew's answer:
I have just tried this and a couple of notes: There is no longer specific edge nodejs runtime, but the lambda needs to be created in the N Virginia region and triggered by cloudfront origin-response or viewer-response.
The code out of the box doesnt seem to work any more. It gives ERR_CONTENT_DECODING_FAILED.
Solution is to use json syntax as follows:
Another update on this...
You can now add custom HTTP response headers (including CORS and security headers like HSTS) natively in CloudFront—without modifying your origin or writing functions. If you go to Policies > Response headers in the console, you can create a reusable policy with your configuration then attach it to one or more cache behaviors where you would like those headers added. This is also available via the API, CLI, SDK, and so forth.
Documentation is available here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
Correct, since Lambda@Edge is generally available they restricted it to N Virginia and one has to choose Node 6.10 rather than Node 4.3.
The relevant part of our code below (for our purpose this will always be a 302 permanent redirect):
By configuring different behaviors on CloudFront you can limit which requests will call the Lambda function.