Best practice rules for Amazon CloudFront
Trend Micro Cloud One™ – Conformity monitors Amazon CloudFront with the following rules:
- CloudFront Compress Objects Automatically
Ensure that AWS CloudFront web distributions are configured to compress objects (files) automatically.
- CloudFront Geo Restriction
Ensure geo restriction is enabled within CloudFront distributions.
- CloudFront In Use
Ensure the AWS CloudFront CDN service is in use for fast and secure web content delivery.
- CloudFront Insecure Origin SSL Protocols
Ensure AWS CloudFront distribution origins do not use insecure SSL protocols.
- CloudFront Integrated With WAF
Ensure your CloudFront CDN distributions are integrated with AWS WAF.
- CloudFront Logging Enabled
Ensure AWS CloudFront CDN distributions have access logging enabled.
- CloudFront Security Policy
Ensure AWS CloudFront distributions are using improved security policies for HTTPS connections.
- CloudFront Traffic To Origin Unencrypted
Ensure the traffic between the AWS CloudFront distributions and their origins is encrypted.
- CloudFront Viewer Protocol Policy
Configure HTTP to HTTPS redirects for your CloudFront distribution viewer protocol policy.
- Enable Origin Access Identity for CloudFront Distributions with S3 Origin
Ensure your AWS CloudFront distributions are using an origin access identity for their origin S3 buckets.
- Enable Origin Failover for CloudFront Distributions
Ensure that AWS CloudFront distributions are using the Origin Failover feature to optimize their high availability.
- FieldLevel Encryption
Ensure that Amazon CloudFront web distributions enforce field-level encryption.
- Use Cloudfront Content Distribution Network
Use the AWS CloudFront Content Distribution Network for secure web content delivery.