CloudFront Distribution should have WAF enabled

AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules. Make sure you create rules that block common attack patterns, such as SQL injection and cross-site scripting, and rules that filter out specific traffic patterns that you have defined. With the AWS CloudFront-WAF integration enabled, you will be able to block malicious requests made to your CloudFront Content Delivery Network based on the criteria defined in the WAF Web Access Control List (ACL) associated with the CDN distribution.

Risk Level: High
Cloud Entity: AWS CloudFront Distribution
CloudGuard Rule ID: D9.CFT.CRY.18
Covered by Spectral: Yes
Category: Management Tools

GSL LOGIC

AWS_CloudFront_Distribution should have DistributionConfig.WebACLId

REMEDIATION

From CFT
Supply the WebACLId property of the AWS::CloudFront::Distribution DistributionConfig with the ARN of your WAF Web ACL.
See the example below:

Resources:
  MyDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        ...
        WebACLId: "arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a"
        ...
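The following is an added example, not part of the CloudGuard rule page or its tooling, of how the GSL check above can be applied to a CloudFormation template offline before deployment. It parses a JSON-form template, finds every AWS::CloudFront::Distribution resource and reports those whose DistributionConfig.WebACLId is absent or empty. It goes slightly beyond the rule: a WAFv2 web ACL attached to CloudFront must be a global-scope ACL created in us-east-1, and AWS WAF Classic uses the bare web ACL ID rather than an ARN, so a literal value that matches neither shape is reported as unrecognized. Values given through intrinsic functions such as Ref or Fn::GetAtt are resolved at deploy time and are only checked for presence. The sample template, resource names, and the regional ACL ARN are constructed for the example.

```python
import json
import re

# Constructed sample CloudFormation template (JSON form), not from the page.
# Resource names and the regional ACL ARN are made up for the example.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "ProtectedDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {
                "Enabled": True,
                "WebACLId": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a",
            }},
        },
        "RefAclDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {
                "Enabled": True,
                "WebACLId": {"Fn::GetAtt": ["MyWebAcl", "Arn"]},
            }},
        },
        "UnprotectedDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Enabled": True}},
        },
        "EmptyAclDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Enabled": True, "WebACLId": ""}},
        },
        "RegionalAclDistribution": {
            "Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {
                "Enabled": True,
                "WebACLId": "arn:aws:wafv2:eu-west-1:123456789012:regional/webacl/RegionalACL/11111111-2222-3333-4444-555555555555",
            }},
        },
        "SomeBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    }
})

# CloudFront only accepts WAFv2 web ACLs with global scope (created in us-east-1).
WAFV2_GLOBAL_ARN = re.compile(r"^arn:aws:wafv2:us-east-1:\d{12}:global/webacl/[^/]+/[0-9a-f-]+$")
# AWS WAF Classic identifies the web ACL by its bare ID (a UUID) instead of an ARN.
WAF_CLASSIC_ID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")

COMPLIANT_STATUSES = {"wafv2-global", "waf-classic", "reference"}


def web_acl_status(value):
    """Classify a DistributionConfig.WebACLId value."""
    if isinstance(value, dict):
        # Intrinsic function ({"Ref": ...}, {"Fn::GetAtt": [...]}): resolved at
        # deploy time, so only presence can be verified statically.
        return "reference"
    if not isinstance(value, str) or not value.strip():
        return "missing"
    if WAFV2_GLOBAL_ARN.match(value):
        return "wafv2-global"
    if WAF_CLASSIC_ID.match(value):
        return "waf-classic"
    # Present but not a shape CloudFront accepts (e.g. a regional WAFv2 ACL).
    return "unrecognized"


def find_noncompliant_distributions(template_text):
    """Return {logical_id: status} for every AWS::CloudFront::Distribution whose
    DistributionConfig.WebACLId is missing, empty, or not a usable value."""
    template = json.loads(template_text)
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = resource.get("Properties", {}).get("DistributionConfig", {})
        status = web_acl_status(config.get("WebACLId"))
        if status not in COMPLIANT_STATUSES:
            findings[logical_id] = status
    return findings


if __name__ == "__main__":
    for logical_id, status in sorted(find_noncompliant_distributions(SAMPLE_TEMPLATE).items()):
        print(f"{logical_id}: WebACLId {status}")
```

Run the script against a template to list the distributions that fail the check; an empty result means every CloudFront distribution in the template carries a web ACL. The "unrecognized" status is a static-analysis warning, since the CloudFormation deployment itself would reject a regional ACL ARN.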

References

  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-webaclid
  2. https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

AWS CloudFront Distribution

A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery. The following topics explain some basics about CloudFront distributions and provide detailed information about the settings you can choose to configure your distributions to meet your business needs.

Compliance Frameworks

  • AWS CloudFormation ruleset