CloudFront Distribution Points to Non-existent S3 Origin
Overview
This check validates whether Amazon CloudFront distributions are associated with Amazon S3 origins that do not exist. The check fails if a CloudFront distribution is configured to point to a non-existent bucket. Note that this control applies only to CloudFront distributions whose S3 origin does not use static website hosting.
When a CloudFront distribution in your account references a non-existent bucket, a malicious third party could create that bucket and serve their own content through your distribution. You should therefore verify all origins, regardless of their routing behavior, to confirm that the origins attached to your distributions are the intended ones.
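The following is an added example of how such a check can be implemented; it is not the control's own evaluation logic. It classifies each origin's domain name, skips S3 static website endpoints (which are custom origins and out of scope, as stated above), and reports REST-endpoint buckets that do not exist. The distribution records and the set of existing buckets are constructed sample data in the shape returned by the CloudFront ListDistributions API; in a real run the bucket_exists callback would wrap s3:HeadBucket.

```python
import re
from typing import Callable, Iterable, List, Optional, Tuple

# S3 REST endpoints: bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com,
# or the legacy bucket.s3-<region>.amazonaws.com form.
_S3_REST_ORIGIN = re.compile(
    r"^(?P<bucket>[a-z0-9.-]+)\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")
# S3 static website endpoints (bucket.s3-website-<region> or bucket.s3-website.<region>).
# CloudFront treats these as custom origins, so the control does not cover them.
_S3_WEBSITE_ORIGIN = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")


def s3_rest_bucket(origin_domain: str) -> Optional[str]:
    """Return the bucket name if origin_domain is an S3 REST endpoint, else None."""
    host = origin_domain.lower().rstrip(".")
    if _S3_WEBSITE_ORIGIN.search(host):   # must be tested first: it also matches the REST pattern
        return None
    m = _S3_REST_ORIGIN.match(host)
    return m.group("bucket") if m else None


def find_dangling_s3_origins(distributions: Iterable[dict],
                             bucket_exists: Callable[[str], bool]) -> List[Tuple[str, str, str]]:
    """Return (distribution id, origin id, bucket) for every S3 REST origin whose bucket is missing."""
    findings = []
    for dist in distributions:
        for origin in dist["Origins"]["Items"]:
            bucket = s3_rest_bucket(origin["DomainName"])
            if bucket is not None and not bucket_exists(bucket):
                findings.append((dist["Id"], origin["Id"], bucket))
    return findings


# Constructed sample data (not from a real account), mirroring ListDistributions output.
SAMPLE_DISTRIBUTIONS = [
    {"Id": "EDIST0001", "Origins": {"Quantity": 2, "Items": [
        {"Id": "assets", "DomainName": "example-assets.s3.us-east-1.amazonaws.com"},
        {"Id": "legacy", "DomainName": "example-legacy-site.s3.amazonaws.com"},
    ]}},
    {"Id": "EDIST0002", "Origins": {"Quantity": 2, "Items": [
        {"Id": "www", "DomainName": "example-www.s3-website-us-east-1.amazonaws.com"},
        {"Id": "api", "DomainName": "api.example.com"},
    ]}},
]
# Constructed stand-in for s3:HeadBucket. With boto3 you would call
# s3.head_bucket(Bucket=name): a 404 ClientError means the bucket does not exist,
# while a 403 means it exists but is owned by someone else (still "exists" here).
EXISTING_BUCKETS = {"example-assets"}


def demo() -> List[Tuple[str, str, str]]:
    return find_dangling_s3_origins(SAMPLE_DISTRIBUTIONS, EXISTING_BUCKETS.__contains__)
```

Only the EDIST0001 "legacy" origin is reported: its bucket is absent, whereas the website-hosting and custom origins on EDIST0002 are skipped as out of scope.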
Vendor
AWS
Cloud Service
CloudFront
Related Controls
CloudFront.12
Severity
4
Item Types
AWS::CloudFront::Distribution