CloudFront Distribution Does Not Encrypt Traffic to Custom Origins

Overview

This check verifies whether Amazon CloudFront distributions encrypt the traffic they send to custom origins. A distribution fails the check if its origin protocol policy is set to 'http-only'. It also fails if the origin protocol policy is set to 'match-viewer' while the viewer protocol policy is set to 'allow-all', because in that configuration a viewer connecting over plain HTTP causes CloudFront to forward the request to the origin over plain HTTP as well.

Utilizing HTTPS (TLS) is crucial in mitigating the risks of eavesdropping and tampering with network traffic. Consequently, only encrypted connections via HTTPS (TLS) should be permitted.
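The two failing conditions above, applied to a distribution configuration in the shape returned by the CloudFront GetDistributionConfig API. This is an added example, not code from the check's vendor; the sample distribution is constructed, and the assumption that the viewer protocol policy of additional cache behaviors is checked alongside the default cache behavior is the author's, not stated on the page.

```python
"""Evaluate a CloudFront DistributionConfig against the CloudFront.9 rule."""
from copy import deepcopy
from typing import Dict, List

# Constructed sample (subset of the DistributionConfig fields only).
SAMPLE_DISTRIBUTION = {
    "Origins": {"Items": [
        {"Id": "api-origin", "DomainName": "api.example.internal",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "app-origin", "DomainName": "app.example.internal",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "static-origin", "DomainName": "bucket.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},  # not a custom origin
    ]},
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "ViewerProtocolPolicy": "redirect-to-https"},
    ]},
}


def viewer_policies(config: Dict) -> List[str]:
    """Viewer protocol policies of the default and any additional cache behaviors (assumption)."""
    policies = [config["DefaultCacheBehavior"]["ViewerProtocolPolicy"]]
    for behavior in config.get("CacheBehaviors", {}).get("Items", []):
        policies.append(behavior["ViewerProtocolPolicy"])
    return policies


def failing_origins(config: Dict) -> List[str]:
    """One finding per custom origin that can receive unencrypted traffic."""
    viewer_allows_http = "allow-all" in viewer_policies(config)
    findings = []
    for origin in config["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue  # S3 origins have no origin protocol policy; rule does not apply
        policy = custom["OriginProtocolPolicy"]
        if policy == "http-only":
            findings.append(f"{origin['Id']}: origin protocol policy is http-only")
        elif policy == "match-viewer" and viewer_allows_http:
            findings.append(f"{origin['Id']}: match-viewer while a viewer policy is allow-all")
    return findings


def remediated(config: Dict) -> Dict:
    """Copy of the config with every custom origin forced to https-only."""
    fixed = deepcopy(config)
    for origin in fixed["Origins"]["Items"]:
        if "CustomOriginConfig" in origin:
            origin["CustomOriginConfig"]["OriginProtocolPolicy"] = "https-only"
    return fixed
```

Running `failing_origins(SAMPLE_DISTRIBUTION)` reports both custom origins, and the remediated copy reports none regardless of the viewer protocol policy.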

Vendor

AWS

Cloud Service

CloudFront

CloudFront.9

Severity

3

Item Types

AWS::CloudFront::Distribution