AWS CloudFront web distribution using insecure TLS version

Description

This policy identifies AWS CloudFront web distributions which are configured with TLS versions for HTTPS communication between viewers and CloudFront. As a best practice, use recommended TLSv1.2_2021 as the minimum protocol version in your CloudFront distribution security policies.

Code Example

resource "aws_cloudfront_distribution" "pass" {
...

  viewer_certificate {
    cloudfront_default_certificate = false
    minimum_protocol_version = "TLSv1.2_2018"
  }
}

Remediation

Terraform

Resource: aws_cloudfront_distribution
Arguments: minimum_protocol_version

Rule Details

Field	Value
ID	IAC-0223
Severity	LOW
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_174

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS CloudFront web distribution using insecure TLS version

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS CloudFront web distribution using insecure TLS version ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS CloudFront web distribution using insecure TLS version

Description

Code Example

Remediation

Rule Details

References