
AWS CloudFront response header policy does not enforce Strict Transport Security

Description

Enforcing Strict Transport Security (HSTS) in your AWS CloudFront response header policy can help to improve the security of your website or application. HSTS is a security feature that tells web browsers to only communicate with a website using secure HTTPS connections, rather than insecure HTTP connections. This helps to prevent man-in-the-middle attacks and other types of vulnerabilities that could be exploited over an unencrypted connection.

Code Example

```hcl
resource "aws_cloudfront_response_headers_policy" "pass" {
  name    = "test"

  security_headers_config {
    strict_transport_security {
      access_control_max_age_sec = 31536000
      include_subdomains         = true
      override                   = true
      preload                    = true
    }
  }
}
```
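The settings in the passing policy above become a Strict-Transport-Security header on every response CloudFront serves, and that header is what a browser actually enforces. The following Python is an added example, not part of the rule page or of Checkov: it renders the header value from the Terraform attributes shown above (the attribute names are the real CloudFront ones; the directive order and casing of the rendered value are an assumption, browsers treat directive names case-insensitively per RFC 6797), then checks captured response headers for a policy that meets the rule. The two sample responses are constructed for the example.

```python
"""Validate a Strict-Transport-Security header the way a browser reads it.

Added example (not part of the rule page): maps the CloudFront
response-headers-policy settings to the header CloudFront emits, then
checks a response's headers for a policy that satisfies the rule.
"""
import re

# Values copied from the passing Terraform block on the page.
CLOUDFRONT_STRICT_TRANSPORT_SECURITY = {
    "access_control_max_age_sec": 31536000,
    "include_subdomains": True,
    "override": True,
    "preload": True,
}

# One directive: a name, optionally "=<digits>" (max-age), surrounding whitespace allowed.
_DIRECTIVE_RE = re.compile(r'^\s*([A-Za-z\-]+)\s*(?:=\s*"?(\d+)"?)?\s*$')


def cloudfront_hsts_header(cfg):
    """Render the header value for a strict_transport_security block (assumed format)."""
    parts = [f"max-age={int(cfg['access_control_max_age_sec'])}"]
    if cfg.get("include_subdomains"):
        parts.append("includeSubDomains")
    if cfg.get("preload"):
        parts.append("preload")
    return "; ".join(parts)


def parse_hsts(value):
    """Parse an HSTS value into (max_age, include_subdomains, preload).

    Directive names are case-insensitive. A missing or malformed max-age
    makes the whole header invalid, so None is returned in that case.
    """
    max_age = None
    include_subdomains = preload = False
    for directive in value.split(";"):
        m = _DIRECTIVE_RE.match(directive)
        if not m:
            continue
        name, number = m.group(1).lower(), m.group(2)
        if name == "max-age" and number is not None:
            max_age = int(number)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return max_age, include_subdomains, preload


def check_hsts(headers, min_max_age=31536000, require_subdomains=True):
    """Return a list of findings for a response's headers; an empty list means compliant.

    `headers` is a dict of response headers; the lookup is case-insensitive.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["Strict-Transport-Security header missing"]
    parsed = parse_hsts(value)
    if parsed is None:
        return [f"Strict-Transport-Security header malformed: {value!r}"]
    max_age, include_subdomains, preload = parsed
    findings = []
    if max_age < min_max_age:
        findings.append(f"max-age {max_age} is below {min_max_age}")
    if require_subdomains and not include_subdomains:
        findings.append("includeSubDomains directive missing")
    # Preload lists require at least a one-year max-age and includeSubDomains.
    if preload and (max_age < 31536000 or not include_subdomains):
        findings.append("preload set but max-age >= 31536000 and includeSubDomains are required")
    return findings


# Constructed sample responses: one with the policy attached, one without.
RESPONSE_WITH_POLICY = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": cloudfront_hsts_header(CLOUDFRONT_STRICT_TRANSPORT_SECURITY),
    "X-Cache": "Hit from cloudfront",
}
RESPONSE_WITHOUT_POLICY = {
    "Content-Type": "text/html",
    "X-Cache": "Hit from cloudfront",
}

if __name__ == "__main__":
    for label, hdrs in (("with policy", RESPONSE_WITH_POLICY),
                        ("without policy", RESPONSE_WITHOUT_POLICY)):
        print(label, check_hsts(hdrs) or "compliant")
```

In practice the `headers` dict would come from a real response to the distribution (for instance the headers returned by an HTTP client), which lets the check confirm that the policy is attached to the distribution's cache behaviors and not merely defined.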

Remediation

Terraform

Rule Details

Field: Value
ID: IAC-0307
Severity: LOW
IaC Type: Terraform
Frameworks: Terraform
Checkov ID: CKV_AWS_259

References