AWS Config Rule: CloudFront Default Root Object Configured

Description: Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object. The rule is NON_COMPLIANT if Amazon CloudFront distribution does not have a default root object configured.

Trigger type: Configuration changes

AWS Region: Only available in US East (N. Virginia) Region

A default root object is an optional piece of configuration for a CloudFront Distribution. It is an object which is returned to the viewer when they request the root URL (/) instead of a specific object.

Within your CloudFront Distribution, under settings near the bottom of the configuration pieces, you will see this small text box where you can set a default root object. Enter only the object name, for example, index.html. Do not add a / before the object name.

Note: If the file name of the default root object is too long or contains an invalid character, CloudFront returns the error HTTP 400 Bad Request - InvalidDefaultRootObject. In addition, CloudFront caches the code for 10 seconds (by default) and writes the results to the access logs.

For more detailed information on this topic, view the Official AWS Documentation.

StackZone can automatically resolve your non-compliant CloudFront Distribution Default Root Object by running an automation script to add a predefined Root Object in StackZone's Console.

To enable this remediation, within the StackZone console head on over to Provisioning > Baseline Services > AWS Config Rules Regional > AWS CloudFront, enable the CloudFront Default Root Object Remediation and define your desired Root Object. Check the following screenshot for further details:

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here