Overview

A config rule that checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection). The rule is NON_COMPLIANT if the value of ViewerProtocolPolicy is set to allow-all for defaultCacheBehavior or for cacheBehaviors. This means that the rule is non compliant when viewers can use HTTP or HTTPS.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloudfront-viewer-policy-https
      Description: >-
        A config rule that checks whether your Amazon CloudFront distributions
        use HTTPS (directly or via a redirection). The rule is NON_COMPLIANT if
        the value of ViewerProtocolPolicy is set to allow-all for
        defaultCacheBehavior or for cacheBehaviors. This me...
      Scope:
        ComplianceResourceTypes:
          - 'AWS::CloudFront::Distribution'
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDFRONT_VIEWER_POLICY_HTTPS
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Rule Parameters

No rule paramters
 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: