I want to secure a CloudFront response using S3 object metadata and some role data in a DB (or some remote service), specific to the current user. I think I should use the viewer-response event here, to have access to the S3 data and the user data together. I try to set status and statusDescription in the response object, but it does not work for the viewer-response event; it works for all other events. Setting headers still works.

    exports.handler = async (event) => {
      const response = event.Records[0].cf.response;
      const request = event.Records[0].cf.request;

      // allowedByTokenAndDb is defined elsewhere (not shown here)
      const isUserAllowed = await allowedByTokenAndDb(request);
      // keys of the headers object are the lowercased header names
      const isS3ObjectAllowed = response.headers['x-amz-meta-issecure'][0].value === 'true';

      if (!isUserAllowed || !isS3ObjectAllowed) {
        response.status = '403'; // does not work
        response.statusDescription = 'Nothing';
      }

      response.headers['x-powered-by'] = [{ // works, header will be added
        key: 'X-Powered-By',
        value: 'lol',
      }];

      return response;
    };

Is there any way to make viewer-response return another status? The AWS documentation does not say whether it is possible or not. Maybe there is another solution?