AWS and Cloudanix team co-authored this blog: Real-Time Threat and Anomaly Detection for Workloads on AWS

Cloudanix

AWS Cloudfront Audit

Amazon Cloudfront Content Delivery Network (CDN) distributions should be configured to automatically compress content for web requests in order to increase your web applications performance and reduce bandwidth costs.

CloudFront Web Distributions Should Automatically Compress Web Content

Amazon Cloudfront Content Delivery Network (CDN) distributions should be configured to automatically compress content for web requests in order to increase your web applications performance and reduce bandwidth costs.

CloudFront Distributions Should Have Geo Restriction Enabled

Geo restriction should be enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.

AWS Account Should Use CloudFront CDN Service

AWS CloudFront Content Delivery Network (CDN) service should be used within your AWS account to secure and accelerate the delivery of your websites, media files or static resources.

CloudFront Distributions Should Not Use Insecure SSL Protocols

Your AWS Cloudfront Content Delivery Network distributions should not be using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and your custom origins.

CloudFront Should Be Integrated With AWS WAF

All your AWS CloudFront web distributions should be integrated with the Web Application Firewall (AWS WAF) service to protect against application-layer attacks

Logging Should Be Enabled For CloudFront Distributions

Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).

CloudFront Distributions Should Use Security Policies With Appropriate Version And Ciphers

Your Amazon CloudFront distributions should use a security policy with minimum TLSv1.1 or TLSv1.2 and appropriate security ciphers for HTTPS viewer connections.

CloudFront Distributions Should Use HTTPS For Secure Delivery of Web Content

The communication between your AWS CloudFront distributions and their custom origins should be encrypted using HTTPS in order to secure the delivery of your web content.

Communication With Viewers Should Be Encrypted Using HTTPS

The communication between your Amazon CloudFront CDN distribution and its viewers (end users) should be encrypted using HTTPS in order to secure the delivery of your web application content

Origin Access Identity Should Be Enabled For CloudFront Distributions

The origin access identity feature should be enabled for all your AWS Cloudfront CDN distributions that utilize an S3 bucket as an origin in order to restrict any direct access to your objects through Amazon S3 URLs.

Origin Failover Should Be Enabled For CloudFront Distributions

Origin Failover feature should be enabled for your Amazon CloudFront web distributions in order to improve the availability of the content delivered to your end users

CloudFront Distributions Should Have Field-Level Encryption Enabled

Field-level encryption should be enabled for your Amazon CloudFront web distributions in order to help protect sensitive data like credit card numbers or social security numbers, and to help protect your data across application services.

Web Applications Should Use CDNs

Your web application should be using Amazon Cloudfront Content Distribution Network (CDN) to secure its content delivery to absorb and mitigate potential Distributed Denial of Service (DDoS) attacks and keep the application available for legitimate users.

HTTPS Should Be Enabled on CloudFront Distributions

CloudFront distributions should be enabled with HTTPS

cta-image

Secure Every Layer of Your Cloud Stack with Cloudanix

Unify your security workflows with Cloudanix — one dashboard for misconfigurations, drift detection, CI/CD, and identity protection.

Get Started

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.