AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication

Description

This policy detects AWS CloudFront distributions that are not configured to use secure SSL protocols for HTTPS communication.

Code Example

resource "aws_cloudfront_distribution" "example" {
  # ... other configuration ...

  origin {
    domain_name = "my-origin.example.com"
    origin_id   = "myOriginID"

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
+      origin_ssl_protocols   = ["TLSv1", "TLSv1.1", "TLSv1.2"]

      # ... other configuration ...
    }
  }

  # ... other configuration ...

Remediation

Terraform

Resource: aws_cloudfront_distribution
Arguments: origin.custom_origin_config.origin_ssl_protocols

Rule Details

Field	Value
ID	IAC-0488
Severity	MEDIUM
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV2_AWS_54

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS CloudFront distribution is using insecure SSL protocols for HTTPS communication

Description

Code Example

Remediation

Rule Details

References