MEDIUM
Source
CloudSploit
ID
secure-cloudfront-origin

Secure CloudFront Origin

Detects CloudFront distributions whose custom (web) origins are not reached over HTTPS with modern TLS protocols.

Traffic passed between the CloudFront edge nodes and the backend origin should be sent over HTTPS with modern TLS protocols (TLSv1.2 or later) for all web-based origins. Forcing HTTPS on the viewer side does not cover this hop: if the origin protocol policy is HTTP only, or the origin accepts SSLv3/TLSv1/TLSv1.1, the edge-to-origin leg can still be intercepted or tampered with even though every viewer connected over HTTPS.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for CloudFront.

  3. Select the “Distribution” that needs to be verified.

  4. Click the “Distribution id” to open the distribution’s configuration page.

  5. Select the “General” tab and click the “Edit” button under “Settings”.

  6. On the Edit Settings page, scroll to the “Custom SSL certificate - optional” settings and ensure that a valid certificate is selected from the dropdown if you are using your own certificate.

  7. Under “Security policy”, ensure TLSv1.2 (recommended) or a higher protocol is selected. Note that this setting only governs TLS between viewers and the CloudFront edge, not the edge-to-origin connection that this check evaluates.

  8. Scroll down and click “Save changes”.

  9. Select the “Origins” tab, select each origin and click “Edit”. For a custom (non-S3) origin, set “Protocol” to “HTTPS only” and “Minimum origin SSL protocol” to TLSv1.2, then click “Save changes”. These two settings are what this check evaluates.

  10. Repeat steps 3 to 9 to verify the other CloudFront distributions.

  11. For distributions that still accept plain HTTP from viewers, edit the cache behavior under the “Behaviors” tab and set “Viewer protocol policy” to “Redirect HTTP to HTTPS” or “HTTPS only” (or create a new distribution with the same origin and that policy). This matters for the origin side too: S3 bucket origins and custom origins set to “Match viewer” reuse whatever protocol the viewer used, so they are only HTTPS end to end when every behavior routing to them forces HTTPS.
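To audit the origin side of this setting outside the console, here is an added example written for this page (it is not CloudSploit's plugin code). It walks the DistributionConfig structure the CloudFront API returns and reports, per origin, whether the edge-to-origin hop is HTTPS with TLSv1.2 or later; a second function produces the hardened configuration. The field names (Origins, CustomOriginConfig, OriginProtocolPolicy, OriginSslProtocols, S3OriginConfig, DefaultCacheBehavior, CacheBehaviors, ViewerProtocolPolicy) are the CloudFront API's own; the distribution IDs, origin names and settings in SAMPLE_DISTRIBUTIONS are constructed. It goes one step beyond the page's wording by also treating "match-viewer" custom origins and S3 bucket origins, which follow the viewer's protocol and are therefore only secure when every behavior routing to them forces HTTPS.

```python
import copy

# Origin-side SSL/TLS versions the page's "modern protocols" wording rules out.
WEAK_ORIGIN_SSL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
# Viewer protocol policies under which every viewer request ends up on HTTPS.
HTTPS_VIEWER_POLICIES = {"https-only", "redirect-to-https"}

# Constructed sample data shaped like CloudFront DistributionConfig objects;
# the IDs, domain names and settings are made up for this example.
SAMPLE_DISTRIBUTIONS = {
    "E1LEGACYEXAMPLE": {  # plain HTTP to the origin, viewers may use HTTP too
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "legacy-app", "DomainName": "app.example.internal",
            "CustomOriginConfig": {
                "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "http-only",
                "OriginSslProtocols": {"Quantity": 2, "Items": ["TLSv1", "TLSv1.2"]}}}]},
        "DefaultCacheBehavior": {"TargetOriginId": "legacy-app", "ViewerProtocolPolicy": "allow-all"},
        "CacheBehaviors": {"Quantity": 0},
    },
    "E2MIXEDEXAMPLE": {  # viewers are redirected to HTTPS, but TLSv1.1 is still allowed to the origin
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "api", "DomainName": "api.example.com",
            "CustomOriginConfig": {
                "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "match-viewer",
                "OriginSslProtocols": {"Quantity": 2, "Items": ["TLSv1.1", "TLSv1.2"]}}}]},
        "DefaultCacheBehavior": {"TargetOriginId": "api", "ViewerProtocolPolicy": "redirect-to-https"},
        "CacheBehaviors": {"Quantity": 0},
    },
    "E3GOODEXAMPLE": {  # HTTPS-only custom origin plus an S3 origin behind an HTTPS-only behavior
        "Origins": {"Quantity": 2, "Items": [
            {"Id": "app", "DomainName": "app.example.com",
             "CustomOriginConfig": {
                 "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "https-only",
                 "OriginSslProtocols": {"Quantity": 1, "Items": ["TLSv1.2"]}}},
            {"Id": "assets", "DomainName": "assets-bucket.s3.amazonaws.com",
             "S3OriginConfig": {"OriginAccessIdentity": ""}}]},
        "DefaultCacheBehavior": {"TargetOriginId": "app", "ViewerProtocolPolicy": "https-only"},
        "CacheBehaviors": {"Quantity": 1, "Items": [
            {"PathPattern": "/static/*", "TargetOriginId": "assets", "ViewerProtocolPolicy": "https-only"}]},
    },
}


def viewer_policies_for(config, origin_id):
    """ViewerProtocolPolicy of every cache behavior (default included) that routes to origin_id."""
    behaviors = [config["DefaultCacheBehavior"]] + config.get("CacheBehaviors", {}).get("Items", [])
    return [b["ViewerProtocolPolicy"] for b in behaviors if b["TargetOriginId"] == origin_id]


def audit_distribution(dist_id, config):
    """Return (status, message) findings for one distribution; status is FAIL, WARN or PASS."""
    findings = []
    for origin in config["Origins"]["Items"]:
        name = f"{dist_id}/{origin['Id']}"
        # S3 bucket origins and match-viewer custom origins reuse the viewer's protocol,
        # so they are only HTTPS end to end if every behavior routing to them forces HTTPS.
        # An origin no behavior routes to is vacuously "forced" (it is unreachable).
        forced = all(p in HTTPS_VIEWER_POLICIES for p in viewer_policies_for(config, origin["Id"]))
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            findings.append(("PASS" if forced else "WARN",
                             f"{name}: S3 origin follows viewer protocol; HTTPS forced on viewers={forced}"))
            continue
        policy = custom["OriginProtocolPolicy"]
        protocols = custom["OriginSslProtocols"]["Items"]
        if policy == "http-only":
            findings.append(("FAIL", f"{name}: OriginProtocolPolicy is http-only"))
            continue  # TLS version settings are moot when TLS is never used
        weak = WEAK_ORIGIN_SSL_PROTOCOLS & set(protocols)
        if weak:
            findings.append(("FAIL", f"{name}: weak origin SSL protocols enabled {sorted(weak)}"))
        elif policy == "match-viewer" and not forced:
            findings.append(("WARN", f"{name}: match-viewer while a behavior still allows HTTP viewers"))
        else:
            findings.append(("PASS", f"{name}: HTTPS to origin with {protocols}"))
    return findings


def harden_origins(config):
    """Return a copy of config with every custom origin set to HTTPS only and TLSv1.2 only."""
    fixed = copy.deepcopy(config)  # leave the caller's object untouched
    for origin in fixed["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is not None:
            custom["OriginProtocolPolicy"] = "https-only"
            custom["OriginSslProtocols"] = {"Quantity": 1, "Items": ["TLSv1.2"]}
    return fixed


def run_audit(distributions=SAMPLE_DISTRIBUTIONS):
    """Map each distribution ID to its findings."""
    return {dist_id: audit_distribution(dist_id, cfg) for dist_id, cfg in distributions.items()}


if __name__ == "__main__":
    for dist_id, findings in run_audit().items():
        for status, message in findings:
            print(f"{status:4} {message}")
    fixed = {d: harden_origins(c) for d, c in SAMPLE_DISTRIBUTIONS.items()}
    print("after harden_origins:", {d: [s for s, _ in f] for d, f in run_audit(fixed).items()})
```

To run this against a real account, feed it the items from boto3's `cloudfront.list_distributions()["DistributionList"]["Items"]`, which carry the same Origins and behavior keys. To apply the output of `harden_origins`, fetch the current config with `get_distribution_config(Id=...)`, which returns the ETag that `update_distribution(Id=..., IfMatch=etag, DistributionConfig=...)` requires; neither call is made in the block so it runs offline. Note that `harden_origins` deliberately does not touch S3 origins, whose transport is fixed on the viewer side (steps 11 above).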