Amazon Cloudfront Content Delivery Network (CDN) distributions should be configured to automatically compress content for web requests in order to increase your web applications performance and reduce bandwidth costs.
Geo restriction should be enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.
AWS CloudFront Content Delivery Network (CDN) service should be used within your AWS account to secure and accelerate the delivery of your websites, media files or static resources.
Your AWS Cloudfront Content Delivery Network distributions should not be using insecure SSL protocols (i.e. SSLv3) for HTTPS communication between CloudFront edge locations and your custom origins.
All your AWS CloudFront web distributions should be integrated with the Web Application Firewall (AWS WAF) service to protect against application-layer attacks
Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).
Your Amazon CloudFront distributions should use a security policy with minimum TLSv1.1 or TLSv1.2 and appropriate security ciphers for HTTPS viewer connections.
The communication between your AWS CloudFront distributions and their custom origins should be encrypted using HTTPS in order to secure the delivery of your web content.
The communication between your Amazon CloudFront CDN distribution and its viewers (end users) should be encrypted using HTTPS in order to secure the delivery of your web application content
The origin access identity feature should be enabled for all your AWS Cloudfront CDN distributions that utilize an S3 bucket as an origin in order to restrict any direct access to your objects through Amazon S3 URLs.
Origin Failover feature should be enabled for your Amazon CloudFront web distributions in order to improve the availability of the content delivered to your end users
Field-level encryption should be enabled for your Amazon CloudFront web distributions in order to help protect sensitive data like credit card numbers or social security numbers, and to help protect your data across application services.
Your web application should be using Amazon Cloudfront Content Distribution Network (CDN) to secure its content delivery to absorb and mitigate potential Distributed Denial of Service (DDoS) attacks and keep the application available for legitimate users.
CloudFront distributions should be enabled with HTTPS
If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.