top of page
AWS Foundational Security Best Practice
CloudFront.9
CloudFront distributions should encrypt traffic to custom origins
Severity
Cloud Platforms
Resources
MEDIUM
AWS
Amazon CloudFront
This control checks if CloudFront distributions are encrypting traffic to custom origins. This control fails if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.
bottom of page