AWS CloudFront web distribution with default SSL certificate

Description

This policy identifies CloudFront web distributions which have a default SSL certificate to access CloudFront content. It is a best practice to use custom SSL Certificate to access CloudFront content. It gives you full control over the content data. custom SSL certificates also allow your users to access your content by using an alternate domain name. You can use a certificate stored in AWS Certificate Manager (ACM) or you can use a certificate stored in IAM.

Code Example

resource "aws_cloudfront_distribution" "pass_1" {

  origin {
    domain_name = aws_s3_bucket.primary.bucket_regional_domain_name
    origin_id   = "primaryS3"

    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
    }
  }

  default_cache_behavior {
   target_origin_id = "groupS3"
  }

  viewer_certificate {
    acm_certificate_arn = "aaaaa"
  }
}

Remediation

Terraform

Rule Details

Field	Value
ID	IAC-0476
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV2_AWS_42

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS CloudFront web distribution with default SSL certificate

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS CloudFront web distribution with default SSL certificate ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS CloudFront web distribution with default SSL certificate

Description

Code Example

Remediation

Rule Details

References