Ensure AWS Cloudfront distribution is enabled
Error: AWS Cloudfront distribution is disabled
Bridgecrew Policy ID: BC_AWS_GENERAL_148
Checkov Check ID: CKV_AWS_216
Severity: LOW
AWS Cloudfront distribution is disabled
Description
When a CloudFront distribution is enabled, it continues to incur charges for data transfer and requests, even if your application no longer uses it. Disabling an unused distribution can help reduce these costs. Leaving an unused distribution enabled can also pose a security risk, as it may be vulnerable to attack or misuse; disabling it can help mitigate these risks.
However, disabling a CloudFront distribution may cause any applications or websites that rely on it to become unavailable. This check reports a distribution whose `enabled` argument is `false`, so the Terraform example below passes because it sets `enabled = true`.
Fix - Runtime
Fix - Buildtime
Terraform
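# Passing example for CKV_AWS_216: the distribution is declared with
# `enabled = true`. Origins, cache behaviours, geo restrictions and the viewer
# certificate are driven by locals/variables that are defined elsewhere.
resource "aws_cloudfront_distribution" "pass" {
  # One origin block per entry in local.origins; each origin is an S3 origin
  # reached through an origin access identity.
  dynamic "origin" {
    for_each = local.origins
    content {
      domain_name = origin.value["domain_name"]
      origin_id   = origin.value["origin_id"]
      s3_origin_config {
        origin_access_identity = origin.value["origin_access_identity"]
      }
    }
  }

  # The argument this check evaluates: `false` is reported as
  # "AWS Cloudfront distribution is disabled".
  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  default_cache_behavior {
    allowed_methods  = var.default_behaviour.allowed_methods
    cached_methods   = var.default_behaviour.cached_methods
    target_origin_id = var.default_behaviour.origin_id
    forwarded_values {
      query_string = var.default_behaviour.query_string
      cookies {
        forward = var.default_behaviour.forward
      }
    }
    # Redirect plain-HTTP viewers to HTTPS; "allow-all" would also serve
    # content over unencrypted HTTP.
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = var.default_behaviour.min_ttl
    default_ttl            = var.default_behaviour.default_ttl
    max_ttl                = var.default_behaviour.max_ttl
  }

  # One ordered cache behaviour per entry in var.behaviours.
  dynamic "ordered_cache_behavior" {
    for_each = var.behaviours
    content {
      path_pattern     = ordered_cache_behavior.value["path_pattern"]
      allowed_methods  = ordered_cache_behavior.value["allowed_methods"]
      cached_methods   = ordered_cache_behavior.value["cached_methods"]
      target_origin_id = ordered_cache_behavior.value["origin_id"]
      forwarded_values {
        headers      = ordered_cache_behavior.value["headers"]
        query_string = ordered_cache_behavior.value["query_string"]
        cookies {
          forward = ordered_cache_behavior.value["forward"]
        }
      }
      min_ttl     = ordered_cache_behavior.value["min_ttl"]
      default_ttl = ordered_cache_behavior.value["default_ttl"]
      max_ttl     = ordered_cache_behavior.value["max_ttl"]
      compress    = ordered_cache_behavior.value["compress"]
      # Same viewer policy as the default behaviour: no plain-HTTP delivery.
      viewer_protocol_policy = "redirect-to-https"
    }
  }

  price_class = "PriceClass_200"

  restrictions {
    geo_restriction {
      restriction_type = var.geo_restrictions["restriction_type"]
      locations        = var.geo_restrictions["locations"]
    }
  }

  # NOTE(review): certificate choice and minimum TLS policy come from
  # var.viewer_certificate, which is not shown here; confirm that the value
  # supplied pins a current protocol version.
  viewer_certificate {
    cloudfront_default_certificate = var.viewer_certificate["cloudfront_default_certificate"]
    minimum_protocol_version       = var.viewer_certificate["minimum_protocol_version"]
  }

  # Tag changes made outside Terraform are not reverted on the next apply.
  lifecycle {
    ignore_changes = [tags]
  }

  # Placeholder tag from the example.
  tags = {
    "key" = "value"
  }
}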