The Amazon CloudFront security scan on Vectrix detects a variety of CloudFront security issues in a connected AWS account that could be leaving you vulnerable. This includes the use of insecure SSL protocols, disabled logging, unencrypted origin traffic, and other security issues.
Scan on demand to detect active CloudFront security issues in your account.
Monitor continuously to get alerted about new CloudFront security issues in the future.
Don't know how Amazon CloudFront works? Read more below.
What this scan detects
Disabled origin access identity
When origin access identity is not enabled in CloudFront, objects can be accessed directly, bypassing CloudFront and potentially allowing unregulated access to files.
Unencrypted origin traffic
When you don't use HTTPS for your AWS CloudFront distributions, you cannot ensure that the traffic between edge servers and the origin is encrypted. This poses the risk of bad actors being able to access the files being retrieved.
Disabled CloudFront logging
When CloudFront logging is disabled, you are not recording any detailed content delivery activity taking place via CloudFront, leaving you with no way to examine potentially malicious or suspicious activity.
Insecure origin SSL protocols
Using insecure origin SSL protocols can leave you vulnerable to malicious actors leveraging Man-in-the-Middle (MITM) attacks to intercept or eavesdrop on content being delivered via the insecure network.
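The four checks above can be run against a distribution's configuration in the shape returned by the CloudFront GetDistributionConfig API. The following is an added example, not Vectrix's own code; the finding names, the sample configuration and the set of protocols treated as insecure are assumptions of the example.

```python
# Assumption of this example: which origin protocols count as insecure.
WEAK_ORIGIN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_distribution(config):
    """Return sorted (origin_id, finding) tuples; '*' marks a distribution-wide finding."""
    findings = []
    if not config.get("Logging", {}).get("Enabled", False):
        findings.append(("*", "logging-disabled"))
    for origin in config.get("Origins", {}).get("Items", []):
        oid = origin["Id"]
        s3 = origin.get("S3OriginConfig")
        # An empty OriginAccessIdentity means no OAI is attached. Origins that
        # use the newer origin access control setting are not flagged.
        restricted = origin.get("OriginAccessControlId") or (s3 or {}).get("OriginAccessIdentity")
        if s3 is not None and not restricted:
            findings.append((oid, "origin-access-identity-disabled"))
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue
        # match-viewer is flagged too: it uses HTTP whenever the viewer does.
        if custom.get("OriginProtocolPolicy") != "https-only":
            findings.append((oid, "unencrypted-origin-traffic"))
        allowed = set(custom.get("OriginSslProtocols", {}).get("Items", []))
        weak = sorted(WEAK_ORIGIN_PROTOCOLS & allowed)
        if weak:
            findings.append((oid, "insecure-origin-ssl:" + ",".join(weak)))
    return sorted(findings)


# Constructed sample input, trimmed to the fields the checks read.
SAMPLE_CONFIG = {
    "Logging": {"Enabled": False, "Bucket": "", "Prefix": ""},
    "Origins": {"Quantity": 3, "Items": [
        {"Id": "assets-bucket", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "locked-bucket", "S3OriginConfig": {
            "OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEID"}},
        {"Id": "legacy-api", "CustomOriginConfig": {
            "OriginProtocolPolicy": "match-viewer",
            "OriginSslProtocols": {"Quantity": 2, "Items": ["SSLv3", "TLSv1.2"]}}},
    ]},
}

if __name__ == "__main__":
    for origin_id, finding in audit_distribution(SAMPLE_CONFIG):
        print(f"{origin_id}: {finding}")
```
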