Ensure CloudFront distributions use a security policy with minimum TLSv1.1 or TLSv1.2

Security & Compliance

CloudFront is a content delivery network (CDN) service provided by AWS that delivers data to end-users with low latency and high transfer speeds. It is essential to secure CloudFront distributions using a security policy with a minimum of TLSv1.1 or TLSv1.2 to ensure secure communication between clients and the CloudFront service. By default, CloudFront uses a security policy that supports TLSv1.2, and it is recommended to verify that this policy is applied to your CloudFront distributions.TLSv1.0 and TLSv1.1 are no longer considered secure protocols and are vulnerable to attacks, such as BEAST, POODLE, and DROWN. Therefore, it is recommended to use TLSv1.2 or higher to secure the communication channel.


2 / 2

To ensure CloudFront distributions use a security policy with a minimum of TLSv1.1 or TLSv1.2, follow these remediation steps:

  1. Log in to the AWS Management Console and navigate to the CloudFront console.
  2. Select the CloudFront distribution for which you want to configure a security policy.
  3. Click on the "Behaviors" tab.
  4. Click on "Edit" button beside the "Default (*)" behavior.
  5. Scroll down to the "Viewer Protocol Policy" section.
  6. Select "Redirect HTTP to HTTPS" or "HTTPS Only" from the drop-down menu.
  7. In the "Security Policy" section, select "TLSv1.1_2016" or "TLSv1.2_2018" from the drop-down menu.
  8. Click on "Yes, Edit" to save the changes.

Once this is done, your CloudFront distribution will use a security policy with a minimum of TLSv1.1 or TLSv1.2.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.