AWS Cloudfront Audit

Audit your Cloudfront to safe gaurd your data

What we do?

Automatically Compress Web Content

Ensure that Amazon Cloudfront Content Delivery Network (CDN) distributions are configured to automatically compress content for web requests in order to increase your web applications performance and reduce bandwidth costs.

Addresses: Cost Optimisation

Enable Geo Restriction

Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.

Addresses: Security

Use CloudFront CDN service

Ensure that AWS CloudFront Content Delivery Network (CDN) service is used within your AWS account to secure and accelerate the delivery of your websites, media files or static resources.

Addresses: Security

Use Recommended SSL Protocols

Ensure that your AWS Cloudfront Content Delivery Network distributions are not using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and your custom origins.

Addresses: Security

CloudFront must be integrated with AWS WAF

Ensure that all your AWS CloudFront web distributions are integrated with the Web Application Firewall (AWS WAF) service to protect against application-layer attacks

Addresses: Security

Logging Feature must be enabled

Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).

Addresses: Security

Check Security Policy version

Ensure that your Amazon CloudFront distributions use a security policy with minimum TLSv1.1 or TLSv1.2 and appropriate security ciphers for HTTPS viewer connections.

Addresses: Security

Use HTTPS to secure delivery of web content

Ensure that the communication between your AWS CloudFront distributions and their custom origins is encrypted using HTTPS in order to secure the delivery of your web content.

Addresses: Security

Communication must be encrypted using HTTPS

Ensure that the communication between your Amazon CloudFront CDN distribution and its viewers (end users) is encrypted using HTTPS in order to secure the delivery of your web application content

Addresses: Security

Origin Access Identity must be enabled

Ensure that the origin access identity feature is enabled for all your AWS Cloudfront CDN distributions that utilize an S3 bucket as an origin in order to restrict any direct access to your objects through Amazon S3 URLs.

Addresses: Security

Origin Failover must be enabled

Ensure that Origin Failover feature is enabled for your Amazon CloudFront web distributions in order to improve the availability of the content delivered to your end users

Addresses: Reliability

Enable Field-Level Encryption

Ensure that field-level encryption is enabled for your Amazon CloudFront web distributions in order to help protect sensitive data like credit card numbers or social security numbers, and to help protect your data across application services.

Addresses: Security

Use CDNs for web applications

Ensure that your web application is using Amazon Cloudfront Content Distribution Network (CDN) to secure its content delivery.

Addresses: Security

HTTPS Enabled on CloudFront

Check if CloudFront distributions are set to HTTPS

Addresses: Security


Not ready for a free signup yet? No worries!

We suggest you use the checklist!

If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.