CDN Configuration Is Missing
- Query id: e4f54ff4-d352-40e8-a096-5141073c37a2
- Query name: CDN Configuration Is Missing
- Platform: CloudFormation
- Severity: Low
- Category: Best Practices
- URL: Github
Description
A Content Delivery Network (CDN) service is used within an AWS account to secure and accelerate the delivery of websites. Using a CDN can provide a layer of security between your origin content and the destination.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Enabled: 'false'
        Comment: Somecomment
        DefaultRootObject: index.html
        Logging:
          IncludeCookies: 'true'
          Bucket: mylogs.s3.amazonaws.com
          Prefix: myprefix
```
Positive test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Comment": "Somecomment",
          "DefaultRootObject": "index.html",
          "Logging": {
            "IncludeCookies": "true",
            "Bucket": "mylogs.s3.amazonaws.com",
            "Prefix": "myprefix"
          },
          "Enabled": "false"
        }
      }
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: www.example.com
            Id: myCustomOrigin
            CustomOriginConfig:
              HTTPPort: '80'
              HTTPSPort: '443'
              OriginProtocolPolicy: http-only
        Enabled: 'true'
        Comment: Somecomment
        DefaultRootObject: index.html
        Logging:
          IncludeCookies: 'true'
          Bucket: mylogs.s3.amazonaws.com
          Prefix: myprefix
```
Negative test num. 2 - json file
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Enabled": "true",
          "Comment": "Somecomment",
          "DefaultRootObject": "index.html",
          "Logging": {
            "IncludeCookies": "true",
            "Bucket": "mylogs.s3.amazonaws.com",
            "Prefix": "myprefix"
          },
          "Origins": [
            {
              "DomainName": "www.example.com",
              "Id": "myCustomOrigin",
              "CustomOriginConfig": {
                "OriginProtocolPolicy": "http-only",
                "HTTPPort": "80",
                "HTTPSPort": "443"
              }
            }
          ]
        }
      }
    }
  }
}
```
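A stand-alone pre-deployment check for the same condition, added here as an example; it is not the query's own code. It assumes, from the differences between the samples above, that a distribution is flagged when `Enabled` is not true or `Origins` is absent. The names `check_template` and `is_enabled` are hypothetical, and the inputs are trimmed copies of the page's JSON samples.

```python
import json

CF_TYPE = "AWS::CloudFront::Distribution"

def is_enabled(value):
    """CloudFormation accepts booleans or the strings 'true'/'false'.
    An intrinsic function (a dict such as {"Ref": ...}) cannot be resolved
    statically, so this sketch treats it as enabled rather than flag it."""
    if isinstance(value, dict):
        return True
    return value is True or str(value).strip().lower() == "true"

def check_template(template):
    """Return (resource name, finding) pairs for CloudFront distributions."""
    findings = []
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != CF_TYPE:
            continue
        cfg = (res.get("Properties") or {}).get("DistributionConfig") or {}
        if not is_enabled(cfg.get("Enabled")):
            findings.append((name, "DistributionConfig.Enabled is not true"))
        if not cfg.get("Origins"):
            findings.append((name, "DistributionConfig.Origins is missing or empty"))
    return findings

# Constructed inputs: trimmed copies of the page's two JSON samples.
POSITIVE = json.loads("""
{"Resources": {"myDistribution": {
  "Type": "AWS::CloudFront::Distribution",
  "Properties": {"DistributionConfig": {
    "Comment": "Somecomment", "Enabled": "false"}}}}}
""")
NEGATIVE = json.loads("""
{"Resources": {"myDistribution": {
  "Type": "AWS::CloudFront::Distribution",
  "Properties": {"DistributionConfig": {
    "Enabled": "true",
    "Origins": [{"DomainName": "www.example.com", "Id": "myCustomOrigin",
                 "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}]}}}}}
""")

if __name__ == "__main__":
    for label, tpl in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, check_template(tpl))
```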