Ensure that your web application is using Amazon Cloudfront Content Distribution Network (CDN) to secure its content delivery (media files and static resource files such as .html, .css, .js). Prior to running this rule by the Cloud Conformity engine, your web application domain name needs to be configured in the rule settings, on your Cloud Conformity account dashboard.
The Cloudfront Content Distribution Network can have a significant impact on the security of your web application content delivery process. AWS Cloudfront can accelerate and deliver your web content securely over HTTPS from all of its edge locations (CDN servers). In addition to delivering securely from the edge, you can also configure Cloudfront to use HTTPS connections for origin fetches so that your content is encrypted end-to-end from the application origin to your end users. The AWS Cloudfront CDN service improves the ability of your web application to absorb and mitigate potential Distributed Denial of Service (DDoS) attacks and keep the application available for legitimate users. The CDN distribution can be also integrated with AWS WAF service - a web application firewall service made available by Amazon to protect web applications against common attacks.
To determine if the AWS Cloudfront service is used as Content Delivery Network (CDN) for your web application content delivery, perform the following actions:
To use Amazon Cloudfront as a Content Distribution Network to secure and accelerate the content delivery of your web application, you need to create and configure a Cloudfront web distribution. To create the required distribution, perform the following actions: