AWS CloudFront Best Practices

Knowledge Base Best practice rules for Amazon Web Services AWS CloudFront Best Practices

Best practice rules for Amazon CloudFront

Cloud Conformity monitors Amazon CloudFront following the following rules:

CloudFront Compress Objects Automatically
Ensure that AWS Cloudfront web distributions are configured to compress objects (files) automatically.
CloudFront Geo Restriction
Ensure geo restriction is enabled within CloudFront distribution.
CloudFront In Use
Ensure AWS CloudFront CDN service is in use for fast and secure web content delivery.
CloudFront Insecure Origin SSL Protocols
Ensure AWS CloudFront distributions origin(s) do not use insecure SSL protocols.
CloudFront Integrated With WAF
Ensure your Cloudfront CDN distributions are integrated with AWS WAF.
CloudFront Logging Enabled
Ensure AWS Cloudfront CDN distributions have access logging enabled.
CloudFront Security Policy
Ensure AWS CloudFront distributions are using improved security policies for HTTPS connections.
CloudFront Traffic To Origin Unencrypted
Ensure the traffic between the AWS CloudFront distributions and their origins is encrypted.
CloudFront Viewer Protocol Policy
Configure HTTP to HTTPS redirects for your CloudFront distribution viewer protocol policy.
Enable Origin Access Identity for CloudFront Distributions with S3 Origin
Ensure your AWS Cloudfront distributions are using an origin access identity for their origin S3 buckets.
Enable Origin Failover for CloudFront Distributions
Ensure that AWS CloudFront distributions are using Origin Failover feature to optimize their high availability.
FieldLevel Encryption
Ensure that Amazon CloudFront web distributions enforce field-level encryption.
Use Cloudfront Content Distribution Network
Use AWS Cloudfront Content Distribution Network for secure web content delivery.