Support for CloudFront functions tags via CloudFormation

aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap

https://aws.amazon.com/cloudformation/

Creative Commons Attribution Share Alike 4.0 International

1.11k stars 54 forks source link

Support for CloudFront functions tags via CloudFormation #1701

Open dmartinezrubio opened 1 year ago

dmartinezrubio commented 1 year ago

Name of the resource

AWS::CloudFront::Function

Resource name

No response

Description

Customer would like to deploy their CF configuration but they would need to add tags on CFF

Other Details

No response

pwlnpro commented 1 month ago

Cloudfront Functions are often used as Layer 7 credential validation due to it's scalability of over 10.000.000 RPS per Edge Location. Due to this, we need to restrict access to function based on tags (ABAC). As the function is handling encryption keys, it is critical for us to lock it away.

This request would support that, as ABAC is not optimal without Tags. See https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html

pwlnpro commented 1 month ago

@yimipeng sorry for the personal mention, but can this be relabeled as coverage? Thanks! <3

Didn't manage to find a guide on how to use the bot here (if even possible)