CloudFront Without WAF

  • Query id: 22c80725-e390-4055-8d14-a872230f6607
  • Query name: CloudFront Without WAF
  • Platform: Ansible
  • Severity: Medium
  • Category: Networking and Firewall
  • CWE: 778
  • URL: Github

Description

All AWS CloudFront distributions should be integrated with the Web Application Firewall (AWS WAF) service.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: create a basic distribution with defaults and tags
  community.aws.cloudfront_distribution:
    state: present
    default_origin_domain_name: www.my-cloudfront-origin.com
    tags:
      Name: example distribution
      Project: example project
      Priority: '1'

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: create a basic distribution with defaults and tags
  community.aws.cloudfront_distribution:
    state: present
    default_origin_domain_name: www.my-cloudfront-origin.com
    tags:
      Name: example distribution
      Project: example project
      Priority: '1'
    web_acl_id: my-web-acl-id
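
The check illustrated by the two samples above, as an added example (not the KICS query itself, and not code from the original page). It assumes the playbook has already been parsed into Python task dicts, for instance with yaml.safe_load. The function name, the short module name, the handling of block sections and the nested sample task are assumptions.

```python
# Added example, not the KICS query: flag distribution tasks with no web_acl_id.
CLOUDFRONT_MODULES = (
    "community.aws.cloudfront_distribution",
    "cloudfront_distribution",  # short module name, matched as an assumption
)
NESTED_KEYS = ("block", "rescue", "always")  # block sections that hold task lists


def find_distributions_without_waf(tasks, path="tasks"):
    """Return (location, task name) for each distribution task lacking web_acl_id."""
    findings = []
    for index, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        location = f"{path}[{index}]"
        for key in NESTED_KEYS:
            if isinstance(task.get(key), list):
                findings += find_distributions_without_waf(task[key], f"{location}.{key}")
        for module in CLOUDFRONT_MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue  # module not used here, or free-form args (not handled)
            if args.get("state", "present") == "absent":
                continue  # a distribution being deleted needs no web ACL
            acl = args.get("web_acl_id")
            if acl is None or not str(acl).strip():
                findings.append((location, task.get("name", "<unnamed>")))
    return findings


# Constructed sample: the page's two tasks as parsed dicts, plus one nested in a block.
SAMPLE_TASKS = [
    {"name": "create a basic distribution with defaults and tags",
     "community.aws.cloudfront_distribution": {
         "state": "present",
         "default_origin_domain_name": "www.my-cloudfront-origin.com"}},
    {"name": "create a basic distribution with defaults and tags",
     "community.aws.cloudfront_distribution": {
         "state": "present",
         "default_origin_domain_name": "www.my-cloudfront-origin.com",
         "web_acl_id": "my-web-acl-id"}},
    {"name": "grouped tasks (constructed)", "block": [
        {"name": "nested distribution",
         "cloudfront_distribution": {"state": "present", "web_acl_id": ""}}]},
]

if __name__ == "__main__":
    for location, name in find_distributions_without_waf(SAMPLE_TASKS):
        print(f"{location}: {name}: no web_acl_id")
```

An empty web_acl_id is reported the same way as a missing one, since neither names a web ACL.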