Ensure that your web application uses the Amazon CloudFront Content Distribution Network (CDN) to secure its content delivery (media files and static resource files such as .html, .css, .js). Before the Cloud Conformity engine runs this rule, your web application domain name must be configured in the rule settings on your Cloud Conformity account dashboard.
The CloudFront Content Distribution Network can have a significant impact on the security of your web application content delivery process. AWS CloudFront can accelerate and deliver your web content securely over HTTPS from all of its edge locations (CDN servers). In addition to delivering securely from the edge, you can configure CloudFront to use HTTPS connections for origin fetches, so that your content is encrypted end-to-end from the application origin to your end users. The AWS CloudFront CDN service improves the ability of your web application to absorb and mitigate potential Distributed Denial of Service (DDoS) attacks and keep the application available for legitimate users. The CDN distribution can also be integrated with AWS WAF, a web application firewall service made available by Amazon to protect web applications against common attacks.
Audit
To determine if the AWS CloudFront service is used as the Content Delivery Network (CDN) for your web application content delivery, perform the following actions:
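One way to script this check is to parse the JSON printed by `aws cloudfront list-distributions --output json` and look for the application domain among each distribution's aliases. The Python below is an added example, not Cloud Conformity's own rule logic: the function names, the sample IDs and domains, and the single-label wildcard handling are assumptions, and only the default cache behavior is inspected.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions --output json`.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEID0001", "Enabled": true,
   "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
   "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
   "Origins": {"Items": [{"Id": "app",
       "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]},
   "WebACLId": ""},
  {"Id": "EXAMPLEID0002", "Enabled": false,
   "Aliases": {"Quantity": 1, "Items": ["*.example.org"]},
   "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
   "Origins": {"Items": [{"Id": "bucket", "S3OriginConfig": {}}]},
   "WebACLId": ""}
]}}
""")

def alias_matches(alias, domain):
    alias, domain = alias.lower(), domain.lower().rstrip(".")
    if alias.startswith("*."):
        # Assumption: a wildcard alias covers exactly one leftmost label.
        return "." in domain and domain.split(".", 1)[1] == alias[2:]
    return alias == domain

def audit_domain(listing, domain):
    """Return (distribution_id, findings); id is None if no alias matches."""
    items = (listing.get("DistributionList") or {}).get("Items") or []
    for dist in items:
        aliases = (dist.get("Aliases") or {}).get("Items") or []
        if not any(alias_matches(a, domain) for a in aliases):
            continue
        findings = []
        if not dist.get("Enabled"):
            findings.append("distribution is disabled")
        viewer = dist.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
        if viewer == "allow-all":
            findings.append("viewers may connect over plain HTTP")
        for origin in (dist.get("Origins") or {}).get("Items") or []:
            policy = origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
            # match-viewer only yields HTTP origin fetches when viewers may use HTTP.
            if policy == "http-only" or (policy == "match-viewer" and viewer == "allow-all"):
                findings.append(f"origin {origin['Id']} fetch policy is {policy}")
        if not dist.get("WebACLId"):
            findings.append("no AWS WAF web ACL attached")
        return dist["Id"], findings
    return None, [f"no CloudFront distribution lists {domain} as an alias"]
```

An empty findings list means the domain is served by an enabled distribution with HTTPS to viewers, no plain-HTTP origin fetches, and a web ACL attached.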
Remediation / Resolution
To use Amazon CloudFront as a Content Distribution Network to secure and accelerate the content delivery of your web application, you need to create and configure a CloudFront web distribution. To create the required distribution, perform the following actions:
You are auditing:
Use Cloudfront Content Distribution Network
Risk level: Medium