Ensure that the communication between your AWS CloudFront distributions and their custom origins is encrypted using HTTPS in order to secure the delivery of your web content and fulfill compliance requirements for encryption of data in transit.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Using HTTPS between your AWS CloudFront distributions and their custom origins guarantees that the encrypted traffic between the edge servers and the custom origin cannot be decrypted by malicious users who are able to capture packets sent across the CloudFront Content Distribution Network (CDN).
Note: This rule does not apply if you have an AWS S3 bucket configured as a website endpoint, because the S3 service does not support HTTPS connections in this particular configuration.
To determine if your CloudFront CDN distributions are configured to use HTTPS for data in transit encryption, perform the following:
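One way to script this check, as an added example that is not part of the original page or the Cloud Conformity tool: it evaluates JSON in the shape returned by `aws cloudfront get-distribution-config` and reports each origin's verdict. The sample data and the pass/fail criteria are assumptions of this example: `http-only` fails, and `match-viewer` fails when a cache behavior targeting the origin allows plain-HTTP viewers.

```python
import json

# Constructed sample in the shape returned by
# `aws cloudfront get-distribution-config --id <ID>` (all names are made up).
SAMPLE = json.loads("""
{"DistributionConfig": {
  "Origins": {"Quantity": 4, "Items": [
    {"Id": "api", "DomainName": "api.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    {"Id": "legacy", "DomainName": "legacy.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    {"Id": "app", "DomainName": "app.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
    {"Id": "site", "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
  "DefaultCacheBehavior": {"TargetOriginId": "api", "ViewerProtocolPolicy": "redirect-to-https"},
  "CacheBehaviors": {"Quantity": 2, "Items": [
    {"PathPattern": "/old/*", "TargetOriginId": "legacy", "ViewerProtocolPolicy": "redirect-to-https"},
    {"PathPattern": "/app/*", "TargetOriginId": "app", "ViewerProtocolPolicy": "allow-all"}]}}}
""")

def audit_origins(config):
    """Return {origin_id: verdict} for every origin in a distribution config."""
    dist = config["DistributionConfig"]
    behaviors = [dist["DefaultCacheBehavior"]] + dist.get("CacheBehaviors", {}).get("Items", [])
    results = {}
    for origin in dist["Origins"]["Items"]:
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            results[origin["Id"]] = "skip: not a custom origin"
        elif ".s3-website" in origin["DomainName"]:
            # The page's note: S3 website endpoints do not support HTTPS.
            results[origin["Id"]] = "skip: S3 website endpoint"
        elif custom["OriginProtocolPolicy"] == "https-only":
            results[origin["Id"]] = "pass"
        elif custom["OriginProtocolPolicy"] == "http-only":
            results[origin["Id"]] = "fail: http-only"
        else:
            # match-viewer: origin traffic is HTTPS only if viewers must use HTTPS.
            viewer = [b["ViewerProtocolPolicy"] for b in behaviors
                      if b["TargetOriginId"] == origin["Id"]]
            weak = "allow-all" in viewer
            results[origin["Id"]] = "fail: match-viewer with allow-all" if weak else "pass"
    return results

if __name__ == "__main__":
    for origin_id, verdict in audit_origins(SAMPLE).items():
        print(f"{origin_id}: {verdict}")
```

To audit a live distribution, replace `SAMPLE` with the parsed output of the CLI command named in the comment.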
To enable HTTPS for encrypting the traffic between your CloudFront distributions' edge locations and their origins, perform the following: