Ensure AWS CloudFront distribution uses custom SSL certificate
Error: AWS CloudFront web distribution with default SSL certificate
Bridgecrew Policy ID: BC_AWS_NETWORKING_79
Checkov Check ID: CKV2_AWS_42
Severity: MEDIUM
Description
This policy identifies CloudFront web distributions that serve content with the default CloudFront SSL certificate. It is a best practice to use a custom SSL certificate for CloudFront content. A custom certificate gives you full control over the certificate presented to viewers, and it also lets your users reach your content through an alternate domain name instead of the default *.cloudfront.net name. You can use a certificate stored in AWS Certificate Manager (ACM) or a certificate stored in IAM.
Fix - Buildtime
Terraform
resource "aws_cloudfront_distribution" "pass_1" {
  enabled = true
  origin {
    domain_name = aws_s3_bucket.primary.bucket_regional_domain_name
    origin_id   = "primaryS3"
    s3_origin_config {
      origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
    }
  }
  default_cache_behavior {
    target_origin_id       = "primaryS3" # must match the origin_id declared above
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate {
    acm_certificate_arn      = "aaaaa" # placeholder; the ACM certificate must be in us-east-1
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2021"
  }
}
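As an added illustration (not Checkov's own implementation), the condition this policy evaluates can be expressed as a small function over a distribution body written in Terraform JSON syntax; the sample bodies are constructed, and the `"aaaaa"` value is the page's placeholder ARN.

```python
"""Evaluate the intent of CKV2_AWS_42 for one aws_cloudfront_distribution.

A distribution passes only when its viewer_certificate block names a custom
certificate (ACM or IAM) and does not opt into the default *.cloudfront.net
certificate. Input is the resource body as a plain dict in Terraform JSON
syntax, where a nested block appears either as a dict or as a list of dicts.
"""
from typing import Any, Dict, Tuple


def _first_block(body: Dict[str, Any], name: str) -> Dict[str, Any]:
    """Return the first nested block called `name`, or {} if absent."""
    block = body.get(name)
    if isinstance(block, list):
        return block[0] if block else {}
    return block or {}


def check_custom_certificate(body: Dict[str, Any]) -> Tuple[bool, str]:
    """Return (passed, reason) for a single distribution body."""
    cert = _first_block(body, "viewer_certificate")
    if not cert:
        # No block at all means CloudFront falls back to the default certificate.
        return False, "no viewer_certificate block: default certificate is used"
    if cert.get("cloudfront_default_certificate") in (True, "true"):
        return False, "cloudfront_default_certificate = true"
    custom = cert.get("acm_certificate_arn") or cert.get("iam_certificate_id")
    if not custom:
        # Empty strings and missing keys both mean no custom certificate.
        return False, "neither acm_certificate_arn nor iam_certificate_id is set"
    return True, f"custom certificate {custom!r} configured"


# Constructed sample bodies (Terraform JSON syntax)
DEFAULT_CERT = {"enabled": True,
                "viewer_certificate": [{"cloudfront_default_certificate": True}]}
NO_CERT_BLOCK = {"enabled": True}
CUSTOM_CERT = {"enabled": True,
               "viewer_certificate": {"acm_certificate_arn": "aaaaa",  # placeholder
                                      "ssl_support_method": "sni-only"}}

if __name__ == "__main__":
    for label, body in [("default", DEFAULT_CERT), ("none", NO_CERT_BLOCK),
                        ("custom", CUSTOM_CERT)]:
        print(label, check_custom_certificate(body))
```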