
Rule: CloudFront Distributions Should Use Custom SSL/TLS Certificates

This rule checks that CloudFront distributions present a custom SSL/TLS certificate to viewers instead of the default certificate that CloudFront provides.

Rule: CloudFront distributions should use custom SSL/TLS certificates
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

This rule checks whether a CloudFront distribution uses the default SSL/TLS certificate that CloudFront provides, which only covers the distribution's own *.cloudfront.net domain name. A distribution passes when it uses a custom certificate: one issued or imported in AWS Certificate Manager (ACM) in the US East (N. Virginia) Region, or one uploaded to IAM. A custom certificate lets you serve your own domain names (alternate domain names, or CNAMEs) over HTTPS, decide which certificate authority vouches for them, choose the TLS security policy offered to viewers, and, if you import a certificate, keep control of the private key and its rotation. With the default certificate the distribution is tied to the *.cloudfront.net name and the TLSv1 security policy.

Troubleshooting Steps:

  1. Retrieve the distribution's configuration and inspect its ViewerCertificate settings.
  2. Check whether the default certificate is in use: the rule fails when CloudFrontDefaultCertificate is true and neither ACMCertificateArn nor IAMCertificateId is set.
  3. Verify that a custom certificate is available. An ACM certificate must be in the US East (N. Virginia) Region, have the status Issued, and cover every alternate domain name (CNAME) on the distribution, either exactly or with a single-label wildcard.
  4. If the certificate was imported into ACM or uploaded to IAM, confirm that the private key and the full chain were included and that the certificate has not expired.

Necessary Codes:

No application code changes are required. The rule is evaluated against the distribution's configuration, specifically its ViewerCertificate settings.

Remediation Steps:

  1. Request or import the certificate in AWS Certificate Manager in the US East (N. Virginia) Region. CloudFront only accepts ACM certificates from that Region, and the certificate must cover every alternate domain name you intend to serve.
  2. Sign in to the AWS Management Console and open the Amazon CloudFront console.
  3. Select the distribution that needs to be updated.
  4. On the "General" tab, choose "Edit" for the distribution settings.
  5. Under "Alternate domain name (CNAME)", add the domain names you serve if they are not already listed.
  6. Under "Custom SSL certificate", choose the certificate from the dropdown. Only Issued certificates from ACM in US East (N. Virginia) and certificates uploaded to IAM are offered; if yours is missing, return to step 1.
  7. Set "Security policy" to the newest TLS policy your viewers support (TLSv1.2_2021 is the current recommendation) and save the changes.
  8. Viewer protocol policy is a per-cache-behavior setting on the "Behaviors" tab, not part of the certificate configuration. Set it to "Redirect HTTP to HTTPS" or "HTTPS only" on every behavior so that viewers actually use the certificate.
  9. Point the DNS records for the alternate domain names at the distribution's domain name, then confirm with a browser or openssl s_client that the certificate served is yours.

CLI Command Guide:

The console is the simplest route, but the same change can be scripted with the AWS CLI: fetch the current configuration and its ETag with "aws cloudfront get-distribution-config --id <distribution-id>", edit the ViewerCertificate block (set CloudFrontDefaultCertificate to false and add ACMCertificateArn, SSLSupportMethod and MinimumProtocolVersion), then submit only the DistributionConfig object, not the ETag wrapper, with "aws cloudfront update-distribution --id <distribution-id> --if-match <ETag> --distribution-config file://config.json". The update is rejected if the ETag is stale or if the certificate does not cover an alternate domain name on the distribution.
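The following Python script is added here as a worked example; it is not code from the original page or from AWS. It performs the check from the troubleshooting steps and builds the remediated configuration offline, operating on the DistributionConfig document that get-distribution-config returns. The two sample configurations, the domain names, the account number and the certificate ARN are constructed for illustration.

```python
"""Offline check and remediation helper for the CloudFront.7 control.

Added example; not code from the original page or from AWS. It works on the
DistributionConfig document returned by
`aws cloudfront get-distribution-config --id <ID>` (or boto3's
get_distribution_config()["DistributionConfig"]). The sample documents, domain
names, account number and certificate ARN below are constructed.
"""
import copy

# Constructed sample: distribution still on CloudFront's default *.cloudfront.net cert.
DEFAULT_CERT_CONFIG = {
    "Aliases": {"Quantity": 0, "Items": []},
    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": True,
        "MinimumProtocolVersion": "TLSv1",
    },
}

# Constructed sample: ACM certificate already attached (account and ARN are made up).
ACM_CERT_ARN = ("arn:aws:acm:us-east-1:123456789012:certificate/"
                "11111111-2222-3333-4444-555555555555")
ACM_CERT_CONFIG = {
    "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": False,
        "ACMCertificateArn": ACM_CERT_ARN,
        "SSLSupportMethod": "sni-only",
        "MinimumProtocolVersion": "TLSv1.2_2021",
    },
}


def uses_custom_certificate(distribution_config):
    """True when the distribution passes CloudFront.7.

    The control fails whenever the default certificate is in use; a passing
    distribution references a certificate from ACM or one uploaded to IAM.
    """
    vc = distribution_config.get("ViewerCertificate", {})
    if vc.get("CloudFrontDefaultCertificate", False):
        return False
    return bool(vc.get("ACMCertificateArn") or vc.get("IAMCertificateId"))


def alias_covered(alias, cert_names):
    """Does a certificate whose subject/SAN names are cert_names cover alias?

    A wildcard covers exactly one DNS label: *.example.com matches www.example.com
    but neither example.com nor a.b.example.com. Matching is case-insensitive.
    """
    alias = alias.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            suffix = name[1:]  # ".example.com"
            label = alias[: -len(suffix)] if alias.endswith(suffix) else ""
            if label and "." not in label:
                return True
        elif alias == name:
            return True
    return False


def remediated_config(distribution_config, acm_certificate_arn, cert_names,
                      minimum_protocol_version="TLSv1.2_2021"):
    """Return a copy of the config switched to acm_certificate_arn over SNI.

    Raises ValueError for the two mistakes CloudFront rejects at update time:
    a certificate outside us-east-1, or an alternate domain name (CNAME) that
    the certificate's names (cert_names) do not cover.
    """
    parts = acm_certificate_arn.split(":")
    if len(parts) < 6 or parts[2] != "acm":
        raise ValueError("not an ACM certificate ARN: " + acm_certificate_arn)
    if parts[3] != "us-east-1":
        raise ValueError("CloudFront only accepts ACM certificates from us-east-1, got " + parts[3])
    aliases = distribution_config.get("Aliases", {}).get("Items", [])
    uncovered = [a for a in aliases if not alias_covered(a, cert_names)]
    if uncovered:
        raise ValueError("certificate does not cover: " + ", ".join(uncovered))
    updated = copy.deepcopy(distribution_config)
    updated["ViewerCertificate"] = {
        "CloudFrontDefaultCertificate": False,
        "ACMCertificateArn": acm_certificate_arn,
        "SSLSupportMethod": "sni-only",  # dedicated-IP ("vip") costs extra
        "MinimumProtocolVersion": minimum_protocol_version,
    }
    return updated


if __name__ == "__main__":
    for label, cfg in (("default-cert", DEFAULT_CERT_CONFIG), ("acm-cert", ACM_CERT_CONFIG)):
        print(f"{label}: {'PASS' if uses_custom_certificate(cfg) else 'FAIL'}")
    fixed = remediated_config(DEFAULT_CERT_CONFIG, ACM_CERT_ARN, ["*.example.com"])
    print("after remediation:", "PASS" if uses_custom_certificate(fixed) else "FAIL")
    # Write `fixed` (the DistributionConfig object only, not the ETag wrapper) to a
    # file and submit it with: aws cloudfront update-distribution --id <ID>
    #   --if-match <ETag> --distribution-config file://fixed.json
```

The region and coverage checks in remediated_config catch the two errors that otherwise surface only as a rejected update-distribution call; cert_names is the list of subject and SAN names from the ACM certificate (describe-certificate reports them), which the script takes as input because it runs without AWS access.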

Note: Ensure that you have the necessary IAM permissions to make the change: at minimum cloudfront:GetDistributionConfig and cloudfront:UpdateDistribution, plus acm:ListCertificates for the console to show the available certificates.

Following these steps will ensure that your CloudFront distribution is using a custom SSL/TLS certificate instead of the default CloudFront certificate, aligning with the AWS Foundational Security Best Practices.
