CloudFront Without Minimum Protocol TLS 1.2
- Query id: d0c13053-d2c8-44a6-95da-d592996e9e67
- Query name: CloudFront Without Minimum Protocol TLS 1.2
- Platform: Ansible
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
CloudFront Minimum Protocol version should be at least TLS 1.2
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: create a distribution with an origin and logging
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
viewer_certificate:
minimum_protocol_version: TLSv1
comment: this is a CloudFront distribution with logging
- name: create another distribution with an origin and logging
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
viewer_certificate:
minimum_protocol_version: TLSv1.1_2016
comment: this is a CloudFront distribution with logging
- name: create a third distribution
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
comment: this is a CloudFront distribution with logging
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: create a distribution with an origin and logging
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
viewer_certificate:
minimum_protocol_version: TLSv1.2_2018
comment: this is a CloudFront distribution with logging