CDN Configuration Is Missing

• Query id: e4f54ff4-d352-40e8-a096-5141073c37a2
• Query name: CDN Configuration Is Missing
• Platform: CloudFormation
• Severity: Low
• Category: Best Practices
• URL: Github

Description

Content Delivery Network (CDN) service is used within an AWS account to secure and accelerate the delivery of websites. The use of a CDN can provide a layer of security between your origin content and the destination.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Enabled: 'false'
        Comment: Somecomment
        DefaultRootObject: index.html
        Logging:
          IncludeCookies: 'true'
          Bucket: mylogs.s3.amazonaws.com
          Prefix: myprefix

Positive test num. 2 - json file

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Comment": "Somecomment",
          "DefaultRootObject": "index.html",
          "Logging": {
            "IncludeCookies": "true",
            "Bucket": "mylogs.s3.amazonaws.com",
            "Prefix": "myprefix"
          },
          "Enabled": "false"
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Origins:
        - DomainName: www.example.com
          Id: myCustomOrigin
          CustomOriginConfig:
            HTTPPort: '80'
            HTTPSPort: '443'
            OriginProtocolPolicy: http-only
        Enabled: 'true'
        Comment: Somecomment
        DefaultRootObject: index.html
        Logging:
          IncludeCookies: 'true'
          Bucket: mylogs.s3.amazonaws.com
          Prefix: myprefix

Negative test num. 2 - json file

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Enabled": "true",
          "Comment": "Somecomment",
          "DefaultRootObject": "index.html",
          "Logging": {
            "IncludeCookies": "true",
            "Bucket": "mylogs.s3.amazonaws.com",
            "Prefix": "myprefix"
          },
          "Origins": [
            {
              "DomainName": "www.example.com",
              "Id": "myCustomOrigin",
              "CustomOriginConfig": {
                "OriginProtocolPolicy": "http-only",
                "HTTPPort": "80",
                "HTTPSPort": "443"
              }
            }
          ]
        }
      }
    }
  }
}