CloudFront Checklist
CloudFront Security Checklist
Use HTTPS: Enforce HTTPS for connections between clients and CloudFront, as well as between CloudFront and your origin servers, to protect data in transit.

Enable Field-Level Encryption: Use field-level encryption to protect sensitive data within HTTP(S) POST requests by encrypting specific form fields at the edge.

Use Origin Access Identity (OAI): Restrict access to your S3 origin by creating an Origin Access Identity (OAI) and using it in your CloudFront distribution, allowing only CloudFront to access the S3 content.

Enable AWS WAF: Integrate your CloudFront distribution with AWS Web Application Firewall (WAF) to protect your content from common web exploits and attacks.

Enable AWS Shield: Enable AWS Shield to protect your CloudFront distribution from Distributed Denial of Service (DDoS) attacks.

Use CloudFront signed URLs or signed cookies: Secure your CloudFront content by using signed URLs or signed cookies to restrict access to your content.

Enable real-time logs: Enable real-time logs in CloudFront to monitor and analyze access patterns and identify potential security risks.

Enable access logs: Enable access logs for your CloudFront distribution to capture detailed information about viewer requests.

Use Geo Restriction: Configure geo restriction to control which countries can access your CloudFront content.

Implement Lambda@Edge: Use Lambda@Edge to customize and secure your CloudFront content by running Lambda functions at the edge locations.

Enable CloudTrail integration: Integrate your CloudFront distribution with AWS CloudTrail to capture and store data events for auditing and compliance purposes.

Enable AWS Config: Enable AWS Config to continuously monitor and record your CloudFront distribution configurations and evaluate them against best practices.

Use Amazon GuardDuty: Enable Amazon GuardDuty to continuously monitor and detect threats to your CloudFront distributions and AWS accounts.
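The following audit helper is an added example, not part of the original checklist: it takes a distribution configuration dict shaped like the DistributionConfig returned by `aws cloudfront get-distribution-config` and checks it against the HTTPS, OAI, WAF, access-log and geo-restriction items above. The sample configuration is constructed for illustration and is not from a real account.

```python
# Added audit helper (not part of the original checklist). Input is a dict in the
# shape of DistributionConfig from `aws cloudfront get-distribution-config`.

SECURE_VIEWER_POLICIES = {"https-only", "redirect-to-https"}


def audit_distribution(cfg: dict) -> list[str]:
    """Return one finding per failed checklist item; an empty list means all checks passed."""
    findings = []
    # Checklist "Use HTTPS" (viewer side): every cache behavior must refuse or upgrade plain HTTP.
    behaviors = [cfg["DefaultCacheBehavior"]] + cfg.get("CacheBehaviors", {}).get("Items", [])
    for b in behaviors:
        if b.get("ViewerProtocolPolicy") not in SECURE_VIEWER_POLICIES:
            findings.append(f"behavior {b.get('PathPattern', 'default')}: viewers may use plain HTTP")
    for origin in cfg["Origins"]["Items"]:
        s3 = origin.get("S3OriginConfig")
        custom = origin.get("CustomOriginConfig")
        # Checklist "Use Origin Access Identity": an S3 origin with an empty OAI is world-readable
        # unless the bucket policy blocks direct access some other way.
        if s3 is not None and not s3.get("OriginAccessIdentity"):
            findings.append(f"origin {origin['Id']}: S3 origin without an Origin Access Identity")
        # Checklist "Use HTTPS" (origin side): match-viewer or http-only leaves the edge-to-origin hop in clear text.
        if custom is not None and custom.get("OriginProtocolPolicy") != "https-only":
            findings.append(f"origin {origin['Id']}: CloudFront-to-origin traffic is not HTTPS-only")
    if not cfg.get("WebACLId"):
        findings.append("no AWS WAF web ACL attached")
    if not cfg.get("Logging", {}).get("Enabled"):
        findings.append("standard access logging is disabled")
    if cfg.get("Restrictions", {}).get("GeoRestriction", {}).get("RestrictionType", "none") == "none":
        findings.append("no geo restriction configured")
    return findings


# Constructed sample config (not from a real account) with several weak settings.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Items": [{"PathPattern": "/api/*", "ViewerProtocolPolicy": "https-only"}]},
    "Origins": {"Items": [
        {"Id": "s3-assets", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "app-origin", "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
    ]},
    "WebACLId": "",
    "Logging": {"Enabled": False},
    "Restrictions": {"GeoRestriction": {"RestrictionType": "none"}},
}

if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

Field-level encryption, signed URLs, Shield, real-time logs and the account-level services (CloudTrail, Config, GuardDuty) are not visible in DistributionConfig alone and need separate checks.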