Secure Ciphers Disabled

  • Query id: 218413a0-c716-4b94-9e08-0bb70d854709
  • Query name: Secure Ciphers Disabled
  • Platform: Ansible
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

Check if secure ciphers aren't used in CloudFront
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
- name: example
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: unique test distribution ID
    origins:
      - id: 'my test origin-000111'
        domain_name: www.example.com
        origin_path: /production
        custom_headers:
          - header_name: MyCustomHeaderName
            header_value: MyCustomHeaderValue
    viewer_certificate:
      cloudfront_default_certificate: false
      minimum_protocol_version: 'SSLv3'

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: example
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: unique test distribution ID
    origins:
    - id: my test origin-000111
      domain_name: www.example.com
      origin_path: /production
      custom_headers:
      - header_name: MyCustomHeaderName
        header_value: MyCustomHeaderValue
    viewer_certificate:
      cloudfront_default_certificate: true