@DavidS-ovm
Contributor

No description provided.

@github-actions
github-actions bot commented Aug 19, 2025

Overmind


🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ AWS CloudFront origin request policy showing first ever modifications across multiple attributes, which is unusual compared to typical patterns.


🔥 Risks

Risk of Stale Content Due to Increased TTL Settings in CloudFront Distribution ❗Medium
The update to the CloudFront distribution changes the default TTL from 0 to 3600 seconds and the max TTL from 0 to 86400 seconds. This increases the caching duration, which could lead to stale content being served if the origin content updates more frequently than the TTL. The absence of information on cache invalidation processes and real-time data dependencies increases the risk of outdated content being delivered to users.

Potential Stale Content Due to TTL Changes in CloudFront Distribution E93XJAUIPC0I3 ❗Medium
The update to CloudFront distribution E93XJAUIPC0I3 changes the default TTL from 0 to 3600 seconds and the max TTL from 0 to 86400 seconds. This could lead to stale content being served if the origin content updates more frequently than the TTL settings. Without proper cache invalidation mechanisms, updates to origin content may not be reflected promptly, potentially affecting applications that rely on real-time data.

Potential Cache Fragmentation and Stale Content Due to User-Agent Header Forwarding and TTL Changes ❗Medium
The creation of a new CloudFront origin request policy that forwards the User-Agent header to the origin could lead to cache fragmentation. Different User-Agent values might result in varied cached responses, potentially increasing the load on the origin if it cannot efficiently handle these variations. Additionally, the updated TTL settings for CloudFront distributions E19PN19DJTAN90 and E93XJAUIPC0I3, which increase the default TTL from 0 to 3600 seconds and the max TTL from 0 to 86400 seconds, may reduce cache misses but could also lead to stale content if the origin does not update frequently. This could affect performance and user experience if not aligned with the origin's caching strategy.


🟣 Expected Changes

~ cloudfront-distribution › E19PN19DJTAN90
- default_cache_behavior: [map[allowed_methods:[DELETE GET HEAD OPTIONS PATCH POST PUT] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:false default_ttl:0 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:0 min_ttl:0 origin_request_policy_id: realtime_log_config_arn: response_headers_policy_id: smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
+ default_cache_behavior: [map[allowed_methods:[DELETE GET HEAD OPTIONS PATCH POST PUT] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:false default_ttl:3600 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:86400 min_ttl:0 origin_request_policy_id:(known after apply) realtime_log_config_arn: response_headers_policy_id: smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
- ordered_cache_behavior: [map[allowed_methods:[GET HEAD OPTIONS] cache_policy_id: cached_methods:[GET HEAD OPTIONS] compress:true default_ttl:86400 field_level_encryption_id: forwarded_values:[map[cookies:[map[forward:none whitelisted_names:[]]] headers:[Origin] query_string:false query_string_cache_keys:[]]] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:3.1536e+07 min_ttl:0 origin_request_policy_id: path_pattern:/content/immutable/* realtime_log_config_arn: response_headers_policy_id:132e10ff-93d1-4e1a-9909-6cb69b8b743a smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https] map[allowed_methods:[GET HEAD OPTIONS] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:true default_ttl:0 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:0 min_ttl:0 origin_request_policy_id: path_pattern:/content/* realtime_log_config_arn: response_headers_policy_id: smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
+ ordered_cache_behavior: [map[allowed_methods:[GET HEAD OPTIONS] cache_policy_id: cached_methods:[GET HEAD OPTIONS] compress:true default_ttl:86400 field_level_encryption_id: forwarded_values:[map[cookies:[map[forward:none whitelisted_names:[]]] headers:[Origin] query_string:false query_string_cache_keys:[]]] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:3.1536e+07 min_ttl:0 origin_request_policy_id: path_pattern:/content/immutable/* realtime_log_config_arn: response_headers_policy_id:132e10ff-93d1-4e1a-9909-6cb69b8b743a smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https] map[allowed_methods:[GET HEAD OPTIONS] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:true default_ttl:3600 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:86400 min_ttl:0 origin_request_policy_id:(known after apply) path_pattern:/content/* realtime_log_config_arn: response_headers_policy_id: smooth_streaming:false target_origin_id:myS3Origin trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
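
Review bot: default_ttl:3600 and max_ttl:86400 are set on default_cache_behavior and on the /content/* ordered behavior while cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 stays attached and forwarded_values is empty. When a cache policy is attached, its TTLs override the behavior-level fields, so these values may have no effect. If longer caching is intended, set the TTLs in that cache policy and drop them here; if it is not, remove them so the plan does not suggest a caching change that never happens.
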
~ cloudfront-distribution › E93XJAUIPC0I3
- default_cache_behavior: [map[allowed_methods:[DELETE GET HEAD OPTIONS PATCH POST PUT] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:false default_ttl:0 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:0 min_ttl:0 origin_request_policy_id: realtime_log_config_arn: response_headers_policy_id:132e10ff-93d1-4e1a-9909-6cb69b8b743a smooth_streaming:false target_origin_id:visit-counter-ecs trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
+ default_cache_behavior: [map[allowed_methods:[DELETE GET HEAD OPTIONS PATCH POST PUT] cache_policy_id:0467f0da-8b68-4740-9573-6f9cdacca5b6 cached_methods:[GET HEAD] compress:false default_ttl:3600 field_level_encryption_id: forwarded_values:[] function_association:[] grpc_config:[map[enabled:false]] lambda_function_association:[] max_ttl:86400 min_ttl:0 origin_request_policy_id:(known after apply) realtime_log_config_arn: response_headers_policy_id:132e10ff-93d1-4e1a-9909-6cb69b8b743a smooth_streaming:false target_origin_id:visit-counter-ecs trusted_key_groups:[] trusted_signers:[] viewer_protocol_policy:redirect-to-https]]
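
Review bot: the default behavior of this distribution targets visit-counter-ecs and accepts DELETE, PATCH, POST and PUT, which reads like a dynamic origin, and a default TTL is what gets applied to GET and HEAD responses that carry no Cache-Control or Expires header. Before raising default_ttl to 3600 here, confirm the service sets explicit Cache-Control on every response (no-store for per-request data), or keep the default TTL at 0 for this distribution.
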

🟠 Unmapped Changes

+ aws_cloudfront_origin_request_policy › module.scenarios[0].aws_cloudfront_origin_request_policy.headers_based_policy
+ arn: (known after apply)
+ comment: This policy forwards specific headers to the origin
+ cookies_config: [map[cookie_behavior:none cookies:[]]]
+ etag: (known after apply)
+ headers_config: [map[header_behavior:whitelist headers:[map[items:[User-Agent]]]]]
+ id: (known after apply)
+ name: OriginHeadersBasedPolicy
+ query_strings_config: [map[query_string_behavior:none query_strings:[]]]
+ terraform_address: module.scenarios[0].aws_cloudfront_origin_request_policy.headers_based_policy
+ terraform_name: module.scenarios[0].aws_cloudfront_origin_request_policy.headers_based_policy
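
Review bot: headers_config whitelists User-Agent in an origin request policy, and headers listed there are forwarded to the origin without becoming part of the cache key. If the origin varies its response by User-Agent, a response built for one client can be cached and served to others once caching is enabled on the attached behaviors. Either confirm the origin uses the header for logging only, or add User-Agent to the cache policy as well and accept the lower hit ratio; the comment field could also name the header instead of "specific headers".
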

💥 Blast Radius

Items 388

Edges 681

@DavidS-ovm DavidS-ovm merged commit 6e7a73e into main Aug 19, 2025
5 checks passed
@DavidS-ovm DavidS-ovm deleted the ua-headers branch August 19, 2025 13:43