Determine if CloudFront CDN is in use

CloudFront provides scalable, distributed, and inexpensive Content Distribution Network (CDN) within AWS. The use of a CDN can provide a layer of security between your origin content and the destination. It can also serve a critical role in consistent delivery of content during a DDoS attack or unexpected volume increases. This buffer can help give you the time to scale out your infrastructure to meet the demand and/or identify the origin to mitigate the risk if an attack. Ensure that AWS CloudFront Content Delivery Network (CDN) service is used within your AWS account to secure and accelerate the delivery of your website

Risk Level: Low
Cloud Entity: Amazon CloudFront
CloudGuard Rule ID: D9.AWS.NET.26
Covered by Spectral: Yes
Category: Networking & Content Delivery

GSL LOGIC

CloudFront should have distributionConfig.origins and distributionConfig.enabled = 'true'

REMEDIATION

From Portal

  1. Login to the AWS Management Console and open CloudFront Distributions Dashboard at https://console.aws.amazon.com/cloudfront/v3/.
  2. In the left navigation panel, click Distributions.
  3. Click Create Distribution.
  4. Specify settings for the distribution.
  5. Click 'Save Changes'.

From TF

resource "aws_cloudfront_distribution" "test" {
	origin {
		domain_name = aws_s3_bucket.b.bucket_regional_domain_name
		origin_id   = local.s3_origin_id
		
		s3_origin_config {
			origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
		}
	}
	
	+ enabled             = true
	is_ipv6_enabled     = true
	comment             = "Some comment"
	default_root_object = "index.html"
}

From Command Line
To create cloudfront distribution with specific configuration, run:

aws cloudfront create-distribution --distribution-config file://FILE.json

NOTE :FILE.json contains configuration of cloudfront distribution.

References

  1. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-creating-console.html
  2. https://docs.aws.amazon.com/cli/latest/reference/cloudfront/index.html
  3. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution

Amazon CloudFront

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, image, and media files, to end users. CloudFront delivers your content through a worldwide network of edge locations. When an end user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency, so content is delivered with the best possible performance. If the content is already in that edge location, CloudFront delivers it immediately.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard Network Alerts for default VPC components
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS LGPD regulation
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • CloudGuard AWS All Rules Ruleset