Ensure that the communication between your Amazon CloudFront CDN distribution and its viewers (end users) is encrypted using HTTPS in order to secure the delivery of your web application content. To enable encryption of data in transit, configure the web distribution viewer protocol policy either to redirect HTTP requests to HTTPS or to require viewers to use only the HTTPS protocol to access the web content available in the CloudFront distribution cache.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Using HTTPS for your CloudFront CDN distribution ensures that the traffic between the edge (cache) servers and the application viewers is encrypted and cannot be decrypted by malicious users, even if they are able to intercept packets sent across the CDN distribution network.
To determine if your CloudFront distribution viewer protocol policy is configured to enforce HTTPS for data in transit encryption, perform the following actions:
To ensure that your web content is encrypted between your CloudFront distribution edge locations and your application viewers, perform the following actions:
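The audit and the remediation described above can both be expressed as a check over the distribution configuration. The following is an added example, not part of the original rule or of the Cloud Conformity tool: it assumes the configuration has been exported with `aws cloudfront get-distribution-config`, and the sample data and function names are constructed for illustration.

```python
import copy

# ViewerProtocolPolicy values that force viewers onto HTTPS.
HTTPS_ENFORCING = {"redirect-to-https", "https-only"}

# Constructed sample, shaped like the DistributionConfig object returned by
# `aws cloudfront get-distribution-config` and trimmed to the relevant keys.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"TargetOriginId": "web", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api", "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/img/*", "TargetOriginId": "web", "ViewerProtocolPolicy": "allow-all"},
    ]},
}


def iter_behaviors(config):
    """Yield (label, behavior) for the default and every path-based cache behavior."""
    yield "default (*)", config["DefaultCacheBehavior"]
    # "Items" is omitted when Quantity is 0, so treat it as optional.
    for behavior in (config.get("CacheBehaviors") or {}).get("Items") or []:
        yield behavior["PathPattern"], behavior


def audit(config):
    """Return [(label, policy)] for behaviors that still accept plain HTTP."""
    return [(label, b.get("ViewerProtocolPolicy"))
            for label, b in iter_behaviors(config)
            if b.get("ViewerProtocolPolicy") not in HTTPS_ENFORCING]


def remediate(config, policy="redirect-to-https"):
    """Return a copy of config with every non-compliant behavior set to policy."""
    if policy not in HTTPS_ENFORCING:
        raise ValueError(f"{policy!r} does not enforce HTTPS")
    fixed = copy.deepcopy(config)
    for _, behavior in iter_behaviors(fixed):
        if behavior.get("ViewerProtocolPolicy") not in HTTPS_ENFORCING:
            behavior["ViewerProtocolPolicy"] = policy
    return fixed


if __name__ == "__main__":
    for label, policy in audit(SAMPLE_CONFIG):
        print(f"NON-COMPLIANT {label}: ViewerProtocolPolicy={policy}")
    print("remaining after fix:", audit(remediate(SAMPLE_CONFIG)))
```

The check covers path-based cache behaviors as well as the default one, since a single `allow-all` behavior leaves that path reachable over plain HTTP. The corrected configuration is applied with `aws cloudfront update-distribution`, passing the ETag from the export as `--if-match`.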