Added more headers for caching #53

Closed

dylanratcliffe
Member

No description provided.

github-actions bot commented Jan 18, 2024

Expected Changes

updated cloudfront-response-headers-policy › 8ed09a88-177f-4f37-a844-66b7b54a7cda
--- current
+++ planned
@@ -4,6 +4,8 @@
       access_control_allow_headers:
         - items:
             - X-Example-Header
+            - X-Session
+            - X-Trace-ID
       access_control_allow_methods:
         - items:
             - GET
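
Review bot: The two items added under access_control_allow_headers (X-Session and X-Trace-ID) change the CORS allow-list, not caching, yet the PR is titled "Added more headers for caching" and has no description. This field only sets which request headers a cross-origin caller is permitted to send (the Access-Control-Allow-Headers value returned to a preflight); what CloudFront keys its cache on is set by the cache policy, which this diff does not show being changed. Please state the intent in the description, and if caching on these headers is the goal, make that change in the cache policy instead. Because X-Session reads like a session-bearing header, also confirm that the allowed-origins and allow-credentials settings of this same policy, which are outside this hunk, are limited to the origins that actually need to send it.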

Blast Radius

Items: 459
Edges: 465

Risks

Cache Behavior Impact on CloudFront Distribution [Medium]

The update in access_control_allow_headers by adding X-Session and X-Trace-ID headers could affect caching behavior of the CloudFront Distribution 540044833068.cloudfront-distribution.E15V1JM5GZXBKB. If the application logic relies on these headers for caching, their addition without corresponding application code changes may lead to unintended cache hits or misses, potentially serving stale content or reducing cache efficiency.

Disruption to CORS Policy [Medium]

The automatic addition of headers to the aws_cloudfront_response_headers_policy named headers-policy (GloballyUniqueName: 540044833068.cloudfront-response-headers-policy.8ed09a88-177f-4f37-a844-66b7b54a7cda) can disrupt the current CORS configuration. If the application relies on a strict CORS policy allowing only specific headers, adding new headers could either open up more than intended or cause requests to be blocked if not handled by the application logic.

Inadequate Validation of New Headers [Medium]

New headers X-Session and X-Trace-ID are introduced without evidence of validation in the existing infrastructure. Without proper validation that the application or other services correctly use these headers, functionality could be affected, leading to potential errors or misbehavior in the services that depend on header data.
