CloudFront viewer should be encrypted
Description
Ensure that the AWS CloudFront Content Delivery Network (CDN) for your distribution is using HTTPS to send and receive content.
Rationale
HTTPS encrypts communication between viewers and your AWS CloudFront distribution, reducing the risk of attacks such as packet interception.
From the console
Follow the "Configure CloudFront to require HTTPS between viewers and CloudFront" docs to change your Viewer Protocol Policy to HTTPS only.
From the command line
1. Run get-distribution-config with your AWS CloudFront distribution ID to retrieve your distribution’s configuration information.
get-distribution-config.sh
aws cloudfront get-distribution-config \
    --id ID000000000000
2. In a new JSON file, modify the returned configuration. Set ViewerProtocolPolicy to https-only and save the configuration file.
{
  "ETag": "ETAG0000000000",
  "DistributionConfig": {
    "DefaultCacheBehavior": {
      "ViewerProtocolPolicy": "https-only",
      ...
    }
  }
}
3. Run update-distribution to update your distribution with your distribution ID, the path of the configuration file (created in step 2), and your ETag.
aws cloudfront update-distribution \
    --id ID000000000000 \
    --distribution-config file://https-only.json \
    --if-match ETAG0000000000
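The configuration edit in steps 2 and 3, as an added Python example (not part of the original page or AWS's own tooling): it sets ViewerProtocolPolicy to https-only on the default cache behavior and on every additional cache behavior, and separates the ETag from the DistributionConfig object, since update-distribution accepts only that object. The sample response and the function name enforce_https_only are constructed for illustration.

```python
import json

# Constructed sample of `aws cloudfront get-distribution-config` output,
# trimmed to the fields this example touches (IDs are placeholders).
SAMPLE_RESPONSE = json.loads("""
{
  "ETag": "ETAG0000000000",
  "DistributionConfig": {
    "DefaultCacheBehavior": {"TargetOriginId": "origin-1", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {
      "Quantity": 2,
      "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "origin-1", "ViewerProtocolPolicy": "redirect-to-https"},
        {"PathPattern": "/static/*", "TargetOriginId": "origin-1", "ViewerProtocolPolicy": "https-only"}
      ]
    }
  }
}
""")


def enforce_https_only(response):
    """Return (etag, patched DistributionConfig, list of changed behaviors)."""
    etag = response["ETag"]
    config = json.loads(json.dumps(response["DistributionConfig"]))  # deep copy
    behaviors = [("default", config["DefaultCacheBehavior"])]
    # CacheBehaviors.Items is absent when Quantity is 0.
    for item in (config.get("CacheBehaviors") or {}).get("Items") or []:
        behaviors.append((item["PathPattern"], item))
    changed = []
    for name, behavior in behaviors:
        old = behavior.get("ViewerProtocolPolicy")
        if old != "https-only":
            behavior["ViewerProtocolPolicy"] = "https-only"
            changed.append((name, old))
    return etag, config, changed


if __name__ == "__main__":
    etag, config, changed = enforce_https_only(SAMPLE_RESPONSE)
    for name, old in changed:
        print(f"{name}: {old} -> https-only")
    # Write only the DistributionConfig object; the ETag goes to --if-match.
    with open("https-only.json", "w") as fh:
        json.dump(config, fh, indent=2)
    print(f"--if-match {etag}")
```

To use it on a real distribution, load the saved get-distribution-config output with json.load in place of SAMPLE_RESPONSE.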