Cloudfront distribution should be encrypted

문서 > Datadog 보안 > OOTB Rules > Cloudfront distribution should be encrypted

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Verify that HTTPS is used to secure AWS CloudFront distributions communications.

Rationale

HTTPS ensures that malicious activity cannot occur when data is sent within AWS CloudFront’s Content Distribution Network (CDN).

Remediation

From the console

Follow the configure CloudFront to require HTTPS between CloudFront and your custom origin docs to change your Origin Protocol Policy to HTTPS only.

From the command line

Run get-distribution-config with your AWS CloudFront distribution ID to retrieve your distribution’s configuration information.
get-distribution-config.sh
```
    aws cloudfront get-distribution-config
        --id ID000000000000
    
```

In a new JSON file, modify the returned configuration. Set OriginProtocolPolicy to https-only and save the configuration file.

https-only.sh

    {
      "ETag": "ETAG0000000000",
      "DistributionConfig": {
        "Origins": {
          "Items": [
            {
              "CustomOriginConfig": {
                "OriginProtocolPolicy": "https-only",
                ...
              }
            }
          ]
        }
      }
    }
    

Run update-distribution to update your distribution with your distribution id, the path of the configuration file (created in step 2), and your etag.

update-distribution.sh

    aws cloudfront update-distribution
        --id ID000000000000
        --distribution-config https-only.json
        --if-match ETAG0000000000
    