AWS Config Rule: CloudFront Traffic to Origin Encrypted

CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED

Ryan Ware

Last Update 3 months ago

Description: Checks if Amazon CloudFront distributions are encrypting traffic to custom origins. The rule is NON_COMPLIANT if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.


AWS Region: Only available in US East (N. Virginia) Region


Trigger type: Configuration changes


How to Resolve Manually

It is worth noting that 'OriginProtocolPolicy' only applies to CloudFront distribution origins that do not use Amazon S3 as the origin domain. If you use Amazon S3 as an origin domain, this AWS Config Rule does not apply.


If you are using an alternate origin domain, such as API Gateway, the Protocol setting appears in the Origin Settings, as shown in the picture below.

To remediate this Config Rule when it is non-compliant, set this Protocol to HTTPS Only.
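The rule logic from the Description and the manual fix above, as an added Python example (not StackZone's or AWS's code) run against a constructed DistributionConfig document in the shape `aws cloudfront get-distribution-config` returns. It assumes that for a match-viewer origin the relevant ViewerProtocolPolicy is that of any cache behavior (default or path-based) routing to that origin, which generalizes the rule text slightly, and it skips S3 origins because they carry no OriginProtocolPolicy.

```python
import copy

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


def viewer_policies_for(config: dict, origin_id: str) -> set:
    """ViewerProtocolPolicy of every cache behavior (default + path-based) routed to origin_id."""
    behaviors = [config["DefaultCacheBehavior"]] + config.get("CacheBehaviors", {}).get("Items", [])
    return {b["ViewerProtocolPolicy"] for b in behaviors if b["TargetOriginId"] == origin_id}


def evaluate_origin(origin: dict, viewer_policies: set) -> str:
    """Apply the rule's logic to one origin; S3 origins have no OriginProtocolPolicy."""
    custom = origin.get("CustomOriginConfig")
    if custom is None:  # S3OriginConfig instead: the rule does not apply
        return NOT_APPLICABLE
    policy = custom["OriginProtocolPolicy"]
    if policy == "http-only":
        return NON_COMPLIANT
    if policy == "match-viewer" and "allow-all" in viewer_policies:
        return NON_COMPLIANT  # a plain-HTTP viewer request is forwarded to the origin as plain HTTP
    return COMPLIANT


def evaluate_distribution(config: dict) -> dict:
    """Map each origin Id to its compliance result."""
    return {o["Id"]: evaluate_origin(o, viewer_policies_for(config, o["Id"]))
            for o in config["Origins"]["Items"]}


def remediate(config: dict) -> dict:
    """Return a copy with every custom origin forced to https-only (the manual fix above)."""
    fixed = copy.deepcopy(config)
    for origin in fixed["Origins"]["Items"]:
        if "CustomOriginConfig" in origin:
            origin["CustomOriginConfig"]["OriginProtocolPolicy"] = "https-only"
    return fixed


SAMPLE_CONFIG = {  # constructed sample, not a real distribution
    "Origins": {"Items": [
        {"Id": "s3-assets", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "api", "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "legacy", "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "s3-assets", "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api", "ViewerProtocolPolicy": "allow-all"},
        {"PathPattern": "/old/*", "TargetOriginId": "legacy", "ViewerProtocolPolicy": "https-only"},
    ]},
}
```

`evaluate_distribution(SAMPLE_CONFIG)` flags both custom origins, and running it again on `remediate(SAMPLE_CONFIG)` shows them compliant while the S3 origin stays out of scope.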


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
