Ensure that Origin Failover feature is enabled for CloudFront web distributions


To enhance the reliability and availability of the web content delivered to your viewers, enable the Origin Failover feature for your Amazon CloudFront distributions. Origin Failover allows you to set up two origins - primary and secondary, and in case of a primary origin failure, the content is automatically served from the secondary origin, ensuring continuous availability. To implement Origin Failover, create an origin group for rerouting during a failover event and associate it with a cache behavior to redirect requests from the primary origin to the secondary origin. Before setting up an origin group, ensure that you have configured two origins for your CloudFront distribution.


To ensure that the Origin Failover feature is enabled for CloudFront web distributions, you can follow these remediation steps:

  1. Log in to the AWS Management Console and navigate to the CloudFront service.
  2. Select the web distribution for which you want to enable Origin Failover.
  3. Click on the "Behaviors" tab and select the behavior for which you want to enable Origin Failover.
  4. Click on the "Edit" button to edit the behavior.
  5. Scroll down to the "Origin Settings" section and expand it.
  6. Under "Origin Failover Settings," select the "Yes" radio button to enable Origin Failover.
  7. Specify the primary and secondary origin server information, including the protocol, domain name, and port number.
  8. Optionally, you can set a custom error message to be displayed to users if the primary origin server fails.
  9. Click on the "Create" or "Update" button to save the changes.

Once Origin Failover is enabled, CloudFront will automatically switch to the secondary origin server if the primary server becomes unavailable, ensuring continuity of service for your website visitors.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.