Ensure that the communication between your Amazon CloudFront CDN distribution and its viewers (end users) is encrypted using HTTPS, so that delivery of your web application content is protected. To enable in-transit encryption, configure the web distribution's viewer protocol policy either to redirect HTTP requests to HTTPS or to require viewers to use only HTTPS when accessing content served from the CloudFront distribution cache.
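The viewer protocol policy is set per cache behavior (the default behavior plus every path-pattern behavior), so a distribution can be partly compliant. The following Python is an added example, not part of the Cloud Conformity rule page or any AWS tooling: it evaluates a `DistributionConfig` object of the shape returned by `aws cloudfront get-distribution-config`, reports every cache behavior still set to `allow-all`, and produces a corrected copy using `redirect-to-https`. The distribution configuration embedded below is a constructed sample; its comment, origin ID and path patterns are placeholders.

```python
import json

# Viewer protocol policy values CloudFront accepts on a cache behavior.
# Only the first two encrypt the viewer-to-edge leg for every request.
COMPLIANT_POLICIES = {"redirect-to-https", "https-only"}
NON_COMPLIANT_POLICY = "allow-all"

# Constructed sample shaped like the "DistributionConfig" object returned by
# `aws cloudfront get-distribution-config`. Only the keys this check reads are
# included; the origin ID and path patterns are placeholders.
SAMPLE_DISTRIBUTION_CONFIG = {
    "Comment": "constructed sample distribution",
    "DefaultCacheBehavior": {
        "TargetOriginId": "origin-placeholder",
        "ViewerProtocolPolicy": "allow-all",          # weak: plaintext HTTP accepted
    },
    "CacheBehaviors": {
        "Quantity": 2,
        "Items": [
            {"PathPattern": "/api/*", "TargetOriginId": "origin-placeholder",
             "ViewerProtocolPolicy": "https-only"},    # already compliant
            {"PathPattern": "/static/*", "TargetOriginId": "origin-placeholder",
             "ViewerProtocolPolicy": "allow-all"},     # weak
        ],
    },
}


def iter_cache_behaviors(config):
    """Yield (label, behavior) for the default behavior and each path-pattern behavior.

    The behavior dicts are yielded by reference so callers can update them in place.
    """
    yield "DefaultCacheBehavior (*)", config["DefaultCacheBehavior"]
    for item in config.get("CacheBehaviors", {}).get("Items", []):
        yield f"CacheBehavior ({item['PathPattern']})", item


def find_http_allowed_behaviors(config):
    """Return labels of cache behaviors that still accept unencrypted HTTP viewers."""
    return [
        label
        for label, behavior in iter_cache_behaviors(config)
        if behavior.get("ViewerProtocolPolicy", NON_COMPLIANT_POLICY)
        not in COMPLIANT_POLICIES
    ]


def enforce_https(config, policy="redirect-to-https"):
    """Return a deep copy of config with every non-compliant behavior set to `policy`.

    Behaviors that are already compliant (e.g. https-only) are left untouched,
    and the input object is not modified.
    """
    if policy not in COMPLIANT_POLICIES:
        raise ValueError(f"{policy!r} does not enforce HTTPS for viewers")
    fixed = json.loads(json.dumps(config))  # deep copy via JSON round-trip
    for _, behavior in iter_cache_behaviors(fixed):
        if behavior.get("ViewerProtocolPolicy") not in COMPLIANT_POLICIES:
            behavior["ViewerProtocolPolicy"] = policy
    return fixed


if __name__ == "__main__":
    findings = find_http_allowed_behaviors(SAMPLE_DISTRIBUTION_CONFIG)
    for label in findings:
        print(f"NON-COMPLIANT: {label} allows plaintext HTTP viewers")
    corrected = enforce_https(SAMPLE_DISTRIBUTION_CONFIG)
    print("Remaining findings after fix:", find_http_allowed_behaviors(corrected))
    print(json.dumps(corrected, indent=2))
```

To run this against a real distribution, save the output of `aws cloudfront get-distribution-config --id <DISTRIBUTION_ID>` and pass its `DistributionConfig` member to the functions. The corrected object can be applied with `aws cloudfront update-distribution --id <DISTRIBUTION_ID> --if-match <ETag from the get call> --distribution-config file://fixed.json`; the `ETag` is mandatory, since CloudFront rejects updates that do not reference the current configuration version. `redirect-to-https` is the safer default for sites with existing HTTP links; `https-only` is appropriate for API paths where a redirect would only hide a misconfigured client.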
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- NIST 800-53 (Rev. 4)
This rule can help you align with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Enforcing HTTPS for your CloudFront CDN distribution ensures that traffic between the edge (cache) servers and the application viewers is encrypted, so an attacker who manages to intercept packets on the path between viewer and edge cannot read or tamper with the content.
To determine if your CloudFront distribution viewer protocol policy is configured to enforce HTTPS for data in transit encryption, perform the following actions:
Remediation / Resolution
To ensure that your web content is encrypted between your CloudFront distribution edge locations and your application viewers, perform the following actions:
- AWS Documentation
- Amazon CloudFront FAQs
- Overview of Web and RTMP Distributions
- Values That You Specify When You Create or Update a Web Distribution
- CIS Amazon Web Services Foundations
CloudFront Viewer Protocol Policy
Risk level: Medium