To enhance the security of your Amazon CloudFront web distributions, it is recommended to enable field-level encryption. This feature adds a layer of protection on top of SSL/TLS encryption (HTTPS): specific sensitive fields in a request are encrypted at the CloudFront edge, so they stay protected while passing through your system and can be decrypted only by the applications in your environment that hold the corresponding private key. Make sure that you enable field-level encryption for your Amazon CloudFront web distributions to secure sensitive data such as social security numbers or credit card numbers. Enabling field-level encryption helps to ensure that your data is protected across application services.
To ensure that your CloudFront web distributions enforce field-level encryption, you can follow these remediation steps:
You can also enable field-level encryption when you create a new CloudFront web distribution by selecting the appropriate field-level encryption configuration under the "Origin Settings" section.
After enabling field-level encryption, ensure that your application services are configured to decrypt the data using the appropriate private key. Additionally, ensure that you have proper access controls in place for managing the private key used for field-level encryption, since any principal that can read that key can read the protected fields.
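To check the state described above across an account, you need to look at every cache behavior of every distribution, because field-level encryption is attached per cache behavior, not per distribution. The following audit script is an added example and is not code from the original article or from AWS; it assumes the CloudFront API's distribution shape as returned by boto3 (`DefaultCacheBehavior`, `CacheBehaviors.Items`, each carrying a `FieldLevelEncryptionId` string that is empty when no field-level encryption configuration is attached). The sample distributions and their IDs are constructed for illustration; the optional live fetch needs AWS credentials with `cloudfront:ListDistributions`.

```python
"""Audit CloudFront distributions for cache behaviors that lack a
field-level encryption configuration.

Added example, not part of the original article. Assumes the boto3
DistributionSummary / DistributionConfig shape: DefaultCacheBehavior and
CacheBehaviors.Items each have a FieldLevelEncryptionId that is "" (or
absent) when no field-level encryption config is attached.
"""
from typing import Dict, Iterable, List, Optional, Set


def behaviors_without_fle(distribution: Dict,
                          exempt_patterns: Optional[Set[str]] = None) -> List[Dict]:
    """Return one finding per cache behavior with no field-level encryption.

    `distribution` is one item of DistributionList.Items (list_distributions)
    or a DistributionConfig (get_distribution_config). `exempt_patterns` lets
    you allow-list path patterns that never carry sensitive form data
    (e.g. static assets); the default behavior is reported as pattern "*".
    """
    exempt = exempt_patterns or set()
    dist_id = distribution.get("Id", "<unknown>")
    findings: List[Dict] = []

    # The default behavior handles every request not matched by another
    # behavior, so it is always part of the audit.
    default = distribution.get("DefaultCacheBehavior", {})
    if "*" not in exempt and not default.get("FieldLevelEncryptionId"):
        findings.append({"distribution": dist_id, "path_pattern": "*",
                         "target_origin": default.get("TargetOriginId")})

    for behavior in distribution.get("CacheBehaviors", {}).get("Items", []):
        pattern = behavior.get("PathPattern", "<unknown>")
        if pattern in exempt:
            continue
        # A missing key and an empty string both mean "no FLE config attached".
        if not behavior.get("FieldLevelEncryptionId"):
            findings.append({"distribution": dist_id, "path_pattern": pattern,
                             "target_origin": behavior.get("TargetOriginId")})
    return findings


def audit(distributions: Iterable[Dict],
          exempt_patterns: Optional[Set[str]] = None) -> Dict[str, List[Dict]]:
    """Map each distribution ID to its list of unencrypted cache behaviors."""
    return {d.get("Id", "<unknown>"): behaviors_without_fle(d, exempt_patterns)
            for d in distributions}


def fetch_live_distributions() -> List[Dict]:
    """Pull the real distribution list with boto3 (needs credentials and
    cloudfront:ListDistributions). boto3 is imported lazily so the audit
    logic above still runs offline without it installed."""
    import boto3
    client = boto3.client("cloudfront")
    items: List[Dict] = []
    for page in client.get_paginator("list_distributions").paginate():
        items.extend(page.get("DistributionList", {}).get("Items", []))
    return items


# Constructed sample data (IDs and config names are placeholders, not real).
SAMPLE_DISTRIBUTIONS = [
    {   # fully covered: default and /checkout/* both reference an FLE config
        "Id": "EXAMPLE1",
        "DefaultCacheBehavior": {"TargetOriginId": "api",
                                 "FieldLevelEncryptionId": "EXAMPLEFLECONFIG"},
        "CacheBehaviors": {"Quantity": 1, "Items": [
            {"PathPattern": "/checkout/*", "TargetOriginId": "api",
             "FieldLevelEncryptionId": "EXAMPLEFLECONFIG"}]},
    },
    {   # not covered: empty ID on default and /signup/*, key absent on /static/*
        "Id": "EXAMPLE2",
        "DefaultCacheBehavior": {"TargetOriginId": "web",
                                 "FieldLevelEncryptionId": ""},
        "CacheBehaviors": {"Quantity": 2, "Items": [
            {"PathPattern": "/signup/*", "TargetOriginId": "api",
             "FieldLevelEncryptionId": ""},
            {"PathPattern": "/static/*", "TargetOriginId": "web"}]},
    },
]

if __name__ == "__main__":
    # Swap SAMPLE_DISTRIBUTIONS for fetch_live_distributions() to audit an account.
    for dist_id, findings in audit(SAMPLE_DISTRIBUTIONS, {"/static/*"}).items():
        status = "OK" if not findings else f"{len(findings)} behavior(s) without FLE"
        print(f"{dist_id}: {status}")
        for f in findings:
            print(f"  pattern {f['path_pattern']} -> origin {f['target_origin']}")
```

Behaviors that only serve static content will appear as findings, which is why the function takes an allow-list of path patterns; keep that list short and reviewed, since a behavior that later starts accepting form posts would otherwise be silently skipped.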