top of page
< Back

AWS Foundational Security Best Practice

CloudFront.9

CloudFront distributions should encrypt traffic to custom origins

Severity

Cloud Platforms

Resources

MEDIUM

AWS

Amazon CloudFront

This control checks if CloudFront distributions are encrypting traffic to custom origins. This control fails if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.

bottom of page