Loading controls...
Benchmark: CloudFront
Description
This section contains recommendations for configuring CloudFront resources.
Usage
Browse dashboards and select CloudFront:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.all_controls_cloudfrontSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.all_controls_cloudfrontControls
- CloudFront distributions should have origin failover configured
- CloudFront distributions should encrypt traffic to custom origins
- CloudFront distributions should have a default root object configured
- CloudFront distributions should require encryption in transit
- CloudFront distributions should have field level encryption enabled
- CloudFront distributions should have geo restriction enabled
- CloudFront distributions access logs should be enabled
- CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins
- CloudFront distributions should not point to non-existent S3 origins
- CloudFront distributions should encrypt traffic to non S3 origins
- CloudFront distributions should have origin access identity enabled
- CloudFront distributions should use SNI to serve HTTPS requests
- CloudFront distributions should use custom SSL/TLS certificates
- CloudFront distributions should use secure SSL cipher
- CloudFront distributions should have AWS WAF enabled