Ensure AWS CloudFront response header policy enforces Strict Transport Security
Error: AWS CloudFront response header policy does not enforce Strict Transport Security
Bridgecrew Policy ID: BC_AWS_GENERAL_134
Checkov Check ID: CKV_AWS_259
Severity: LOW
Description
Enforcing Strict Transport Security (HSTS) in your AWS CloudFront response header policy helps improve the security of your website or application.
HSTS is a security feature that tells web browsers to communicate with a website only over secure HTTPS connections, never over insecure HTTP. This helps prevent man-in-the-middle attacks and other attacks that rely on an unencrypted connection.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_cloudfront_response_headers_policy" "pass" {
  name = "test"

  security_headers_config {
    # Emits the Strict-Transport-Security response header on every response
    strict_transport_security {
      access_control_max_age_sec = 31536000 # max-age: one year, in seconds
      include_subdomains         = true     # apply the policy to subdomains as well
      override                   = true     # replace any HSTS header the origin sends
      preload                    = true     # add the preload directive
    }
  }
}
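To see what the check actually evaluates, here is an added Python stand-in for the CKV_AWS_259 logic (a constructed approximation written for this page, not Checkov's own source): it walks a resource body in the list-wrapped shape Checkov's Terraform parser produces and fails the policy when the strict_transport_security block is missing or its max-age is not positive. The sample resource bodies are constructed; the passing one mirrors the Terraform fix above.

```python
# Added stand-in for the CKV_AWS_259 logic; constructed approximation, not Checkov's source.
from typing import Any, Tuple

PASSED = "PASSED"
FAILED = "FAILED"


def _first(value: Any) -> Any:
    # Checkov's Terraform parser wraps every attribute value and nested block in a list;
    # unwrap one level so the caller can look inside.
    if isinstance(value, list):
        return value[0] if value else None
    return value


def check_hsts(conf: dict) -> Tuple[str, str]:
    """Evaluate one aws_cloudfront_response_headers_policy resource body.

    Returns (verdict, reason). The policy passes only when
    security_headers_config.strict_transport_security exists and sets a
    positive access_control_max_age_sec (max-age=0 tells browsers to forget
    the host, so it enforces nothing).
    """
    headers = _first(conf.get("security_headers_config"))
    if not isinstance(headers, dict):
        return FAILED, "no security_headers_config block"
    hsts = _first(headers.get("strict_transport_security"))
    if not isinstance(hsts, dict):
        return FAILED, "security_headers_config has no strict_transport_security block"
    max_age = _first(hsts.get("access_control_max_age_sec"))
    try:
        max_age = int(max_age)
    except (TypeError, ValueError):
        return FAILED, "access_control_max_age_sec missing or not an integer"
    if max_age <= 0:
        return FAILED, "access_control_max_age_sec must be positive"
    return PASSED, f"HSTS enforced with max-age={max_age}"


# Constructed sample resource bodies in Checkov's parsed shape (values list-wrapped).
PASSING = {  # the page's Terraform fix, as the parser would present it
    "name": ["test"],
    "security_headers_config": [{
        "strict_transport_security": [{
            "access_control_max_age_sec": [31536000],
            "include_subdomains": [True],
            "override": [True],
            "preload": [True],
        }]
    }],
}
NO_HSTS = {"name": ["test"], "security_headers_config": [{"content_type_options": [{"override": [True]}]}]}
NO_HEADERS = {"name": ["test"]}
ZERO_AGE = {"name": ["test"], "security_headers_config": [{"strict_transport_security": [{"access_control_max_age_sec": [0], "override": [True]}]}]}
```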