(cloudfront): Add support for ResponseHeadersPolicy

[ayush987goyal]

Description

Add support for ResponseHeadersPolicy as described in the following docs:

1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/creating-response-headers-policies.html
2. https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-cloudfront-supports-cors-security-custom-http-response-headers/

Use Case

We need to be able to configure response CORS, headers and security policies without using cloudfront functions or Lambda@edge.

Proposed Solution

The ResponseHeadersPolicy should be available as a new construct under the @aws-cdk/aws-cloudfront construct library.

Other information

No response

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[peterwoodworth]

It doesn't look like CloudFormation has made any changes to CloudFront for this, and I don't see any issues for it in the coverage roadmap.

@ayush987goyal you say you might be able to implement this, do you have any plans on how you might do that?

[ayush987goyal]

@peterwoodworth Sorry for jumping the gun and getting too excited too fast. I, or perhaps anyone else, would only be able to implement once the CFN support for it lands of course 😅 .

[peterwoodworth]

Got it 😄 just wanted to make sure I wasn't missing anything

[robertd]

Hot off the press: https://twitter.com/cfnupdates/status/1456452444406358019?s=21

edit: And here is the actual link to the cfn docs. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html