CloudFront.9

This control checks if CloudFront distributions are encrypting traffic to custom origins. This control fails if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.