Query: CloudFront distributions should require encryption in transit

Description

This control checks whether an AWS CloudFront distribution requires viewers to use HTTPS directly or whether it uses redirection. The control fails if ViewerProtocolPolicy is set to allow-all for defaultCacheBehavior or for cacheBehaviors.

Query

Tables used in this query:

• aws_cloudfront_distribution

Controls using this query:

• 3 CloudFront distributions should require encryption in transit
• CloudFront distributions should require encryption in transit

SQL