Amazon_Cloudfront_4

Configure HTTP to HTTPS Redirects with a CloudFront Viewer Protocol Policy

Description

Configure the Viewer Protocol Policy of your CloudFront distribution's cache behaviors to redirect HTTP requests to HTTPS, or to require that viewers use only HTTPS to access the objects in the CloudFront cache. Because the policy is set per cache behavior, you can require HTTPS for some objects while still allowing both HTTP and HTTPS for others within the same distribution.
To serve HTTPS, an SSL/TLS certificate must be attached to the distribution.
Which setting to apply depends on your data classification policy and must be configured according to your encryption policy.

Remediation

Using the Amazon unified command line interface:

  • To configure "ViewerProtocolPolicy", first save the current distribution
    config locally:
    aws cloudfront get-distribution-config --id <application_cfn_distribution_id> --query "DistributionConfig" > /tmp/cf-distribution.json
  • Edit /tmp/cf-distribution.json and replace the "ViewerProtocolPolicy" element (it appears in
    "DefaultCacheBehavior" and in every item of "CacheBehaviors") with the section below:
    "ViewerProtocolPolicy": "redirect-to-https",
  • Retrieve the current ETag of your CloudFront distribution:
    aws cloudfront get-distribution-config --id <application_cfn_distribution_id> --query "ETag"
  • Update the CloudFront distribution using the edited config and the ETag retrieved above:
    aws cloudfront update-distribution --id <application_cfn_distribution_id> --distribution-config file:///tmp/cf-distribution.json --if-match <application_cfn_distribution_etag>
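The "edit and replace" step above is easy to get wrong when a distribution has several cache behaviors. The following script is an added example (not part of this check or of the AWS CLI) that audits the saved /tmp/cf-distribution.json for cache behaviors still set to "allow-all" and rewrites only those to "redirect-to-https", leaving "https-only" behaviors untouched; SAMPLE_CONFIG is a constructed, trimmed DistributionConfig used when no file path is given.

```python
"""Audit and fix ViewerProtocolPolicy in a saved CloudFront DistributionConfig.

Added example: operates on the JSON written by
  aws cloudfront get-distribution-config --query "DistributionConfig"
and is meant to run between that command and update-distribution.
"""
import json
import sys

# Policies that do not serve objects over plain HTTP.
COMPLIANT = {"redirect-to-https", "https-only"}


def cache_behaviors(config):
    """Yield (label, behavior) for the default and every path-pattern behavior."""
    yield "DefaultCacheBehavior", config["DefaultCacheBehavior"]
    for cb in config.get("CacheBehaviors", {}).get("Items", []):
        yield f"CacheBehaviors[{cb.get('PathPattern')}]", cb


def find_noncompliant(config):
    """Return labels of cache behaviors that still accept plain HTTP (e.g. allow-all)."""
    return [label for label, cb in cache_behaviors(config)
            if cb.get("ViewerProtocolPolicy") not in COMPLIANT]


def enforce_https(config, policy="redirect-to-https"):
    """Return a copy of config where every non-compliant behavior is set to `policy`.
    Behaviors already on https-only keep their stricter setting."""
    if policy not in COMPLIANT:
        raise ValueError(f"unsupported policy: {policy}")
    fixed = json.loads(json.dumps(config))  # deep copy; the input is left untouched
    for _, cb in cache_behaviors(fixed):
        if cb.get("ViewerProtocolPolicy") not in COMPLIANT:
            cb["ViewerProtocolPolicy"] = policy
    return fixed


# Constructed sample (not a real distribution), trimmed to the fields that matter here.
SAMPLE_CONFIG = {
    "CallerReference": "example-ref",
    "DefaultCacheBehavior": {"TargetOriginId": "s3-origin", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Quantity": 2, "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api-origin", "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/static/*", "TargetOriginId": "s3-origin", "ViewerProtocolPolicy": "allow-all"},
    ]},
}

if __name__ == "__main__":
    # Usage: python fix_vpp.py /tmp/cf-distribution.json   (falls back to SAMPLE_CONFIG)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    config = json.load(open(path)) if path else SAMPLE_CONFIG
    bad = find_noncompliant(config)
    print("non-compliant cache behaviors:", bad or "none")
    if bad and path:
        with open(path, "w") as fh:
            json.dump(enforce_https(config), fh, indent=2)
        print(f"rewrote {path}; now run update-distribution with the current ETag")
```

After the rewrite, re-run find_noncompliant on the updated distribution config to confirm the change was applied.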

References:

  1. http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
  2. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/update-distribution.html
  3. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/get-streaming-distribution-config.html
  4. http://docs.aws.amazon.com/cli/latest/reference/cloudfront/list-distributions.html

Service

Cloudfront

Severity

Medium

Compliance

Mapping
