1
Resources
7
Total Findings
8
Rules Executed
8
Unique Rules
0
Exception
1.388s
Timespent
Summary
Filter
accessLogging
Security- Description
- You have not enabled CloudFront standard logs (access logs) for your distribution(s). CloudFront standard logs provide detailed records about every request that's made to a distribution. These logs are useful for many scenarios, including security and access audits.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Cost Incurred (maybe)
- Recommendation
- AWS Docs
compressObjectsAutomatically
Performance Efficiency- Description
- You have not configured CloudFront to automatically compress certain types of objects (files) and serve the compressed objects when viewers (web browsers or other clients) support them. When requested objects are compressed, downloads can be faster because the objects are smaller.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required
- Recommendation
- AWS Docs
defaultRootObject
Security- Description
- You have not configured CloudFront to return a specific object (the default root object) when a user requests the root URL for your distribution instead of requesting an object in your distribution. Specifying a default root object lets you avoid exposing the contents of your distribution.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required
- Recommendation
- AWS Docs
fieldLevelEncryption
Security- Description
- Field-level encryption adds an additional layer of security that lets you protect specific data throughout system processing so that only certain applications can see it.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required Cost Incurred
- Recommendation
- AWS Docs
originFailover
Reliability- Description
- Your CloudFront distributions is not setup for origin failover. To set up origin failover, you must have a distribution with at least two origins.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required
- Recommendation
- AWS Docs
viewerPolicyHttps
Security- Description
- Your CloudFront distribution does not enforce HTTPS for communication between viewers and CloudFront.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required
- Recommendation
- AWS Docs
WAFAssociation
Security- Description
- You have not associated either WAF or WAFv2 web ACL with your Amazon CloudFront distributions. AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
- Resources
- GLOBAL: Cloudfront::E2X390QMMYIRUF
- Label
- Testing Required Cost Incurred
- Recommendation
- AWS Docs
- Developer Guide
Detail
GLOBAL
1. E2X390QMMYIRUF
| Check | Current Value | Recommendation |
|---|---|---|
| accessLogging | Enable CloudFront standard logs (access logs) | |
| compressObjectsAutomatically | Configure CloudFront to compress objects automatically | |
| defaultRootObject | Specify a default root object for your distribution. | |
| fieldLevelEncryption | Set-up field-level encryption for your CloudFront distributions. | |
| originFailover | Create an origin group with two origins: a primary and a secondary. | |
| viewerPolicyHttps | Configure one or more cache behaviors in your CloudFront distribution to require HTTPS for communication between viewers and CloudFront. | |
| WAFAssociation | Use Web Application Firewall (WAF) for enhanced security. |