Ensure CloudFront Distribution ViewerProtocolPolicy Rule

Check compliance with the rule regarding CloudFront distribution ViewerProtocolPolicy

Rule	Ensure CloudFront distribution ViewerProtocolPolicy is set to HTTPS
Framework	CloudDefense.AI Security
Severity	✔ High

Rule Description:

This rule ensures that the ViewerProtocolPolicy for the CloudFront distribution named CloudDefense is set to HTTPS. The ViewerProtocolPolicy determines whether CloudFront allows viewers to access your content using HTTP or HTTPS protocols.

Troubleshooting Steps:

If the ViewerProtocolPolicy is not set to HTTPS for the CloudDefense CloudFront distribution, you may encounter issues with insecure content delivery. Here are the troubleshooting steps to address this:

1.

Verify the ViewerProtocolPolicy: Check the current value of the ViewerProtocolPolicy for the CloudDefense distribution.

2.

Update the ViewerProtocolPolicy: If the ViewerProtocolPolicy is set to HTTP, update it to HTTPS.

3.

Verify SSL/TLS certificate: Ensure that the SSL/TLS certificate is correctly configured and valid for the CloudDefense distribution.

Necessary Code:

No code is required for this rule. Instead, you will need to access the AWS Management Console and work with CloudFront settings through its user interface.

Step-by-Step Guide for Remediation:

1.

Open the AWS Management Console and navigate to the CloudFront service.

2.

Click on the CloudDefense distribution to access its settings.

3.

In the distribution settings, navigate to the "Behaviors" tab.

4.

Find the default behavior, which should have a path pattern of "/".

5.

Under the "Viewer Protocol Policy" column for the default behavior, verify if the current value is set to HTTPS. If not, proceed to the next step.

6.

Click on the pencil icon next to the Viewer Protocol Policy for the default behavior.

7.

Select "Redirect HTTP to HTTPS" option from the dropdown list.

8.

Click on the "Yes, Edit" button to save the changes.

9.

Wait for the changes to propagate, as it may take a few minutes for the CloudFront distribution to update.

10.

Once the changes are propagated, verify that the ViewerProtocolPolicy is set to HTTPS for the CloudDefense distribution.

By following these steps, you have successfully ensured that the CloudFront distribution ViewerProtocolPolicy is set to HTTPS for the CloudDefense distribution.

Ensure CloudFront Distribution ViewerProtocolPolicy Rule

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Description:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Necessary Code:

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step-by-Step Guide for Remediation:

Is your System Free of Underlying Vulnerabilities? Find Out Now

Rule Description:

Troubleshooting Steps:

Necessary Code:

Step-by-Step Guide for Remediation:

Is your System Free of Underlying Vulnerabilities?
Find Out Now