CDN Configuration Is Missing
- Query id: b25398a2-0625-4e61-8e4d-a1bb23905bf6
- Query name: CDN Configuration Is Missing
- Platform: Ansible
- Severity: Low
- Category: Best Practices
- CWE: 710
- URL: Github
Description
A Content Delivery Network (CDN) service is used within an AWS account to secure and accelerate the delivery of websites. A CDN can provide a layer of security between your origin content and the destination.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: create a distribution without an origin and with enabled=false
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: unique test distribution ID
    default_cache_behavior:
      target_origin_id: 'my test origin-000111'
      forwarded_values:
        query_string: true
        cookies:
          forward: all
        headers:
          - '*'
      viewer_protocol_policy: allow-all
      smooth_streaming: true
      compress: true
      allowed_methods:
        items:
          - GET
          - HEAD
        cached_methods:
          - GET
          - HEAD
    enabled: false
    logging:
      enabled: true
      include_cookies: false
      bucket: mylogbucket.s3.amazonaws.com
      prefix: myprefix/
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: create a distribution with an origin, logging and default cache behavior
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: unique test distribution ID
    origins:
      - id: 'my test origin-000111'
        domain_name: www.example.com
        origin_path: /production
        custom_headers:
          - header_name: MyCustomHeaderName
            header_value: MyCustomHeaderValue
    default_cache_behavior:
      target_origin_id: 'my test origin-000111'
      forwarded_values:
        query_string: true
        cookies:
          forward: all
        headers:
          - '*'
      viewer_protocol_policy: allow-all
      smooth_streaming: true
      compress: true
      allowed_methods:
        items:
          - GET
          - HEAD
        cached_methods:
          - GET
          - HEAD
    logging:
      enabled: true
      include_cookies: false
      bucket: mylogbucket.s3.amazonaws.com
      prefix: myprefix/
    enabled: true
    comment: this is a CloudFront distribution with logging
```
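The difference between the two samples above can be enforced as a pre-merge check. The following is an added example, not the KICS query's own logic: it assumes the rule is "a `cloudfront_distribution` task must define `origins` and must not set `enabled` to false", that tasks are already parsed into dictionaries (for example with a YAML loader), and that `state: absent` tasks are out of scope. The names `check_tasks`, `is_false` and `SAMPLE_TASKS` are hypothetical.

```python
# Added example: checks already-parsed Ansible tasks for a missing CDN configuration.
# The two conditions are inferred from the page's samples, not taken from KICS.
MODULES = {"cloudfront_distribution", "community.aws.cloudfront_distribution"}
FALSY = {"false", "no", "off", "0"}  # string spellings Ansible treats as false


def is_false(value):
    """True when an Ansible boolean-like value evaluates to false."""
    if isinstance(value, str):
        return value.strip().lower() in FALSY
    return value is False or value == 0


def check_tasks(tasks):
    """Return (task name, problem) pairs for CloudFront tasks lacking a usable CDN config."""
    findings = []
    for task in tasks:
        for module in sorted(MODULES & set(task)):
            args = task[module]
            if not isinstance(args, dict):
                continue  # free-form or empty arguments: nothing to inspect
            if args.get("state") == "absent":  # assumption: deletions are out of scope
                continue
            name = task.get("name", "<unnamed>")
            if not args.get("origins"):
                findings.append((name, "origins is missing or empty"))
            if "enabled" in args and is_false(args["enabled"]):
                findings.append((name, "enabled is false"))
    return findings


# Constructed sample input: the page's two tasks, trimmed to the relevant keys.
SAMPLE_TASKS = [
    {"name": "create a distribution without an origin and with enabled=false",
     "community.aws.cloudfront_distribution": {
         "state": "present",
         "default_cache_behavior": {"target_origin_id": "my test origin-000111"},
         "enabled": False}},
    {"name": "create a distribution with an origin, logging and default cache behavior",
     "community.aws.cloudfront_distribution": {
         "state": "present",
         "origins": [{"id": "my test origin-000111", "domain_name": "www.example.com"}],
         "enabled": True}},
]

if __name__ == "__main__":
    for name, problem in check_tasks(SAMPLE_TASKS):
        print(f"{name}: {problem}")
```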