copilot-cli icon indicating copy to clipboard operation
copilot-cli copied to clipboard
verified publisher icon aws

Feature request: Additional configuration on ALB managed by Copilot

Open rickychew77 opened this issue 2 years ago • 1 comments

While we are making deployment with CoPilot, we need to ensure configuration like Drop invalid header fields and others like Deletion protection, WAF fail open etc are enabled in ALB and doesn't seems to be able to manage it in CoPilot manifest, ideally each ALB we deploy with CoPilot should have this, otherwise we'll have to manually turn it on in console which can be daunting for ClickOps!

Having this attribute may making backend server target vulnerable to HTTP desync attacks.

Do let me know if there's any better way than ClickOps to do so! Cheers

rickychew77 avatar Jan 19 '24 02:01 rickychew77

Try using yaml patch for the environments! You can use yaml patch to add these attributes to the CloudFormation template that Copilot generates. After you have the patch, run copilot svc package --diff or copilot svc deploy --diff to make sure that you are happy with the change before deploying!

Lou1415926 avatar Jan 19 '24 03:01 Lou1415926

This issue is stale because it has been open 60 days with no response activity. Remove the stale label, add a comment, or this will be closed in 14 days.

github-actions[bot] avatar Mar 20 '24 00:03 github-actions[bot]

This issue is closed due to inactivity. Feel free to reopen the issue if you have any further questions!

github-actions[bot] avatar Apr 03 '24 00:04 github-actions[bot]