Ensure a default root object is configured for AWS CloudFront Distribution

MEDIUM

Description

Configuring a 'default_root_object' in CloudFront can help protect data rather than exposing the contents of a distribution. When a default root object is set, a request for the root URL of the distribution, rather than for a specific object, returns that default object. For more information on how to configure a default root object and how it works, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html

Remediation

In the AWS console -

  1. Open the CloudFront console and find the list of distributions in the top pane.
  2. Select the distribution to update.
  3. In the Distribution Details pane, on the General tab, choose Edit.
  4. Make the required changes to update the default root object.

In Terraform -

  1. In the aws_cloudfront_distribution resource, set 'default_root_object' to a value specified by the organization to protect root URLs from public exposure.

References:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#default_root_object

Policy Details

Rule Reference ID: AC_AWS_0173
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: CloudFront

Frameworks