Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > CloudFront >

Secure CloudFront Origin

MEDIUM
Source
CloudSploit
ID
secure-cloudfront-origin
management console

Secure CloudFront Origin

Detects the use of secure web origins with secure protocols for CloudFront.

Traffic passed between the CloudFront edge nodes and the backend resource should be sent over HTTPS with modern protocols for all web-based origins.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for CloudFront. Step

  3. Select the “Distribution” that needs to be verified.Step

  4. Click the “Distribution id” to get into the Distribution’s configuration page. Step

  5. Select the “General” tab and click on “Edit” button under settings.Step

  6. On the Edit Settings page, Scroll to the “Custom SSL certificate - optional” settings and ensure that you have a valid certificate selected from the dropdown if you are using your own certificate.Step

  7. Under “Security policy” ensure TLSv1.2(recommended) or higher protocol is selected.Step

  8. Scroll down and click on “Save changes”.Step

  9. Repeat steps number 5, 6 and 7 to verify other CloudFront Distributions.

  10. For distributions not using HTTPS and only using HTTP create a new distribution with similar source but set Viewer Protocol Policy to either HTTP to HTTPS or HTTPS only.Step

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use