Plugin Title CloudFront HTTPS Only
Cloud AWS
Category CloudFront
Description Ensures CloudFront distributions are configured to redirect non-HTTPS traffic to HTTPS.
More Info For maximum security, CloudFront distributions can be configured to only accept HTTPS connections or to redirect HTTP connections to HTTPS.
AWS Link http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudFront.html
Recommended Action Remove HTTP-only listeners from distributions.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for CloudFront.
  3. Select the "CloudFront Distribution" that needs to be verified.
  4. Click the "Distribution Settings" button from menu to get into the "CloudFront Distribution" configuration page.
  5. Click the "Behaviors" button from the top menu to get into the "Behaviors" configuration page and select the "Behavior" which needs to be verified.
  6. Click the "Edit" button from the "Behaviors" tab on the menu.
  7. On the Default Cache Behavior Settings, verify the "Viewer Protocol Policy" and if "HTTP and HTTPS" is selected than CloudFront allows viewers to access your web content using either HTTP or HTTPS.
  8. On the "Viewer Protocol Policy" choose "Redirect HTTP to HTTPS" to redirect all HTTP requests to HTTPS.
  9. On the "Viewer Protocol Policy" choose "HTTPS Only" so CloudFront allows viewers to access your content only if they're using HTTPS.
  10. Repeat the steps number 5 , 6 and 7 to verify if any other CloudFront Distribution is using HTTP-only listeners.

Want to scan for this risk automatically?

Get Started Now