Medium CloudFront

CloudFront distributions should encrypt traffic to custom origins

NIST, ISO 27001, HIPAA

Description

Checks if CloudFront distributions are encrypting traffic to custom origins. This control fails for a CloudFront distribution whose origin protocol policy allows 'http-only' or if the distribution's origin protocol policy is 'match-viewer' while the viewer protocol policy is 'allow-all'.


Remediation

To update the Origin Protocol Policy to require encryption for a CloudFront connection, refer to the Amazon CloudFront Developer Guide.

Steps

  1. Open the Amazon CloudFront console.
  2. Choose the distribution to update.
  3. Navigate to the 'Origins and Origin Groups' section.
  4. Edit the origin and ensure the 'Origin Protocol Policy' is set to 'HTTPS Only' or 'Match Viewer'.
  5. Save changes.
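To confirm the result after saving, the pass/fail logic from the Description can be applied to a distribution's configuration. The following is an added example, not code from this page's vendor or from AWS: it assumes the dict shape returned by the CloudFront GetDistributionConfig API, the function name `failing_origins` and the sample data are constructed for illustration, and it assumes that an 'allow-all' viewer policy on any cache behavior counts for the whole distribution.

```python
# Added example: applies the control's logic to a CloudFront DistributionConfig
# dict (the shape returned by the GetDistributionConfig API).

def failing_origins(dist_config):
    """Return [(origin_id, reason)] for custom origins that fail the control."""
    # Gather the default cache behavior plus any path-based behaviors.
    behaviors = [dist_config["DefaultCacheBehavior"]]
    behaviors += dist_config.get("CacheBehaviors", {}).get("Items") or []
    # Assumption: one 'allow-all' behavior is enough to treat the
    # distribution's viewer protocol policy as 'allow-all'.
    viewer_allows_http = any(
        b.get("ViewerProtocolPolicy") == "allow-all" for b in behaviors
    )
    findings = []
    for origin in dist_config.get("Origins", {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue  # S3 origin: outside the scope of this control
        policy = custom.get("OriginProtocolPolicy")
        if policy == "http-only":
            findings.append((origin["Id"], "origin protocol policy is http-only"))
        elif policy == "match-viewer" and viewer_allows_http:
            findings.append((origin["Id"], "match-viewer with viewer policy allow-all"))
    return findings

# Constructed sample configuration (not taken from a real distribution).
SAMPLE = {
    "Origins": {"Quantity": 4, "Items": [
        {"Id": "api-origin", "DomainName": "api.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
        {"Id": "legacy-origin", "DomainName": "legacy.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "app-origin", "DomainName": "app.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "assets-bucket", "DomainName": "assets.s3.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "api-origin",
                             "ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/legacy/*", "TargetOriginId": "legacy-origin",
         "ViewerProtocolPolicy": "allow-all"},
    ]},
}

if __name__ == "__main__":
    for origin_id, reason in failing_origins(SAMPLE):
        print(f"FAIL {origin_id}: {reason}")
```

In the sample, `app-origin` fails only because one cache behavior still allows HTTP from viewers; an origin left on 'Match Viewer' passes once no behavior uses 'allow-all'.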

Compliance

NIST, ISO 27001, HIPAA