Free Assessment

Amazon_Cloudfront_3

Ensure AWS Cloudfront Logging is enabled

Description

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, image, and media files, to end users. CloudFront delivers your content through a worldwide network of edge locations. When an end user requests content that you are serving with CloudFront, the user is routed to the edge location that provides the lowest latency, so content is delivered with the best possible performance. If the content is already in that edge location, CloudFront delivers it immediately. If the content is not currently in that edge location, CloudFront retrieves it from a customer defined Origin, such as AWS S3, AWS ELB or EC2.

Remediation

Using the Amazon unified command line interface:

  • For enabling logging first save locally the current distribution config:
    aws cloudfront get-distribution-config –id <application_cfn_distribution_id> –query “DistributionConfig” > /tmp/cf-distribution.json
  • Edit and replace “Logging” element in /tmp/cf-distribution.json with the below section:
    “Logging”: {
    “Bucket”: “<s3_bucket_name>”,
    “Prefix”: “cloudfrontlogs”,
    “Enabled”: true,
    “IncludeCookies”: false
    },
  • Retrieve the current ETag of your CloudFront distribution:
    aws cloudfront get-distribution-config –id <application_cfn_distribution_id> –query “ETag”
  • Update the CloudFront distribution using the edited config and the above Etag:
    aws cloudfront update-distribution –id <application_cfn_distribution_id> –distribution-config file:///tmp/cf-distribution.json –if-match <application_cfn_distribution_etag>

References:

  1. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html
  2. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/list-distributions.html
  3. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/get-distribution-config.html

Service

Cloudfront

Severity

High

Compliance

Mapping

Want to Know More?

Learn how our partners are managing their cloud security and compliance with Cloudlytics.

I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.

Cloudlytics

Solutions

Resources

Company

Legal

Facebook Twitter Linkedin Youtube
Start Free Trial
Login

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Learn More