| Severity | Non-Compliance | Resource | Issue | Remediation |
| --- | --- | --- | --- | --- |
| High | PCI DSS 4.2, HIPAA (Encryption) | EABCW25ZCESFI | CloudFront distribution is not configured to enforce encryption (using HTTPS) for data in transit. | HIPAA compliance requires all data to be transmitted over secure channels. Edit the distribution's behaviour and set its viewer protocol policy to "HTTPS Only". |
| High | PCI DSS 10.2, HIPAA (Audit) | EABCW25ZCESFI | CloudFront distribution is not configured to save access logs to an Amazon S3 bucket. | Enable the distribution's access logs to comply with HIPAA (requires access logging for auditing purposes) and PCI DSS (Requirement 10: track and monitor all access to network resources and cardholder data). |
| Medium | | EABCW25ZCESFI | CloudFront distribution does not have a web application firewall (WAF) enabled. | To allow or block requests based on criteria that you specify, choose the web ACL to associate with your distribution. |
| Critical | PCI DSS 4.2, PCI DSS (Old Protocols), HIPAA (Encryption) | EABCW25ZCESFI | CloudFront distribution uses the insecure default CloudFront protocol TLSv1. | To comply with PCI DSS (which requires that SSLv2, SSLv3 and TLS 1.0 not be used), create and import a custom SSL certificate. Next, select the recommended security policy for CloudFront to use for HTTPS connections. |
| Medium | PCI DSS 10.2, HIPAA (Audit) | EABCW25ZCESFI | CloudFront distribution uses an S3 bucket as origin without an origin access identity, allowing direct access to your objects through Amazon S3 URLs. | Restrict bucket access in the origin settings so that users can access your S3 content only through CloudFront URLs, not Amazon S3 URLs. This is required to comply with the HIPAA privacy rule, enabling audit for all access to PHI. |


| ID | Domain name | Origin | Status | State | Last modified | Security issues |
| --- | --- | --- | --- | --- | --- | --- |
| EABCW25ZCESFI | d27li9uju8sehq.cloudfront.net | S3-cf-templates-lqa4fy3xqyy2-us-west-2 | Deployed | Enabled | | 1 Critical + 4 others |