AWS CloudFront
Overview
Critical: 1
High: 2
Medium: 2
Low: 0
Informational: 0
Security issues (5)
Severity | Non-Compliance | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|
High | PCI DSS 4.2, HIPAA (Encryption) | EABCW25ZCESFI | CloudFront distribution is not configured to enforce encryption (using HTTPS) for data in transit. | HIPAA compliance requires all data to be transmitted over secure channels. Edit the distribution's behaviour and set its viewer protocol policy to "HTTPS Only". | More info | |
High | PCI DSS 10.2, HIPAA (Audit) | EABCW25ZCESFI | CloudFront distribution is not configured to save access logs to an Amazon S3 bucket. | Enable the distribution's access logs to comply with HIPAA (requires access logging for auditing purposes) and PCI DSS (Requirement 10: track and monitor all access to network resources and cardholder data). | More info | |
Medium | — | EABCW25ZCESFI | CloudFront distribution does not have a web application firewall (WAF) enabled. | To allow or block requests based on criteria that you specify, choose the web ACL to associate with your distribution. | More info | |
Critical | PCI DSS 4.2, PCI DSS (Old Protocols), HIPAA (Encryption) | EABCW25ZCESFI | CloudFront distribution uses insecure default CloudFront protocol TLSv1. | To comply with PCI DSS (which requires that SSLv2, SSLv3 and TLS 1.0 not be used), create and import a custom SSL certificate. Next, select the recommended security policy for CloudFront to use for HTTPS connections. | More info | |
Medium | PCI DSS 10.2, HIPAA (Audit) | EABCW25ZCESFI | CloudFront distribution uses an S3 bucket as origin without an origin access identity, allowing direct access to your objects through Amazon S3 URLs. | Restrict bucket access in the origin settings so that users can access your S3 content only through CloudFront URLs, not Amazon S3 URLs. This is required to comply with the HIPAA privacy rule, enabling audit for all access to PHI. | More info | |
Distributions (1)
ID | Domain name | Origin | Status | State | Last modified | Security issues |
---|---|---|---|---|---|---|
EABCW25ZCESFI | d27li9uju8sehq.cloudfront.net | S3-cf-templates-lqa4fy3xqyy2-us-west-2 | Deployed | Enabled | | 1 Critical + 4 others (details) |