BAU: Unmask Cloudfront custom origin haeder for secure pipeline migra…

…tion (#2487)
govuk-one-login · Jan 17, 2025 · 4c20e5d · 4c20e5d
1 parent 5d61c0d
commit 4c20e5d
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 9 deletions.
diff --git a/ci/terraform/cloudfront.tf b/ci/terraform/cloudfront.tf
@@ -16,13 +16,6 @@ resource "aws_cloudformation_stack" "cloudfront" {
     StandardLoggingEnabled       = true
     LogDestination               = var.cloudfront_WafAcl_Logdestination
   }
-
-  #ignoring below parameter as these parameter are been read via secret manager and terraform continually detects changes
-  # Note : we need to remove the below lifecycle if the Header are changed in Secret manager to appy new cloainking header value
-  lifecycle {
-    ignore_changes = [parameters["OriginCloakingHeader"], parameters["PreviousOriginCloakingHeader"]]
-  }
-
 }
 
 resource "aws_cloudformation_stack" "cloudfront-monitoring" {

diff --git a/ci/terraform/variables.tf b/ci/terraform/variables.tf
@@ -378,14 +378,12 @@ variable "cloudfront_zoneid" {
 
 variable "auth_origin_cloakingheader" {
   type        = string
-  sensitive   = true
   description = "This is header value for Cloufront to to verify requests are coming from the correct CloudFront distribution to ALB "
 }
 
 
 variable "previous_auth_origin_cloakingheader" {
   type        = string
-  sensitive   = true
   description = "This is previous header value when the value is rotated to ensure WAF will allow requests during rotation "
 }