Ensure the feature to compress objects automatically is configured for AWS CloudFront

LOW

Description

The AWS CloudFront distribution does not have the Compress objects automatically feature configured. This may lead to network congestion.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the CloudFront Console.
  2. Under Distributions, select the distribution that requires a compression setting.
  3. Under Behaviors, select the specific behavior to update.
  4. For Compress objects automatically choose Yes.
  5. Under Cache key and origin requests, select Cache policy and select a policy from the dropdown that enables both GZIP and Brotli, or create a new one.
  6. Update the TTL settings to values greater than 0.
  7. Select Save changes.

In Terraform -

  1. In the aws_cloudfront_distribution resource, set ordered_cache_behavior.compress to true.
  2. Set the ordered_cache_behavior fields max_ttl, min_ttl, and default_ttl to values greater than 0.
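
To catch this before apply, the check below walks parsed `terraform show -json` plan output and reports cache behaviors that do not meet the two Terraform settings above. It is an added example, not the scanner's own rule logic: the function names, the sample plan, and the choices to also check default_cache_behavior and to skip the TTL fields when cache_policy_id is set are assumptions.

```python
# Added example: flags CloudFront cache behaviors in `terraform show -json` output
# that break this rule. Check logic is an assumed reading of the page, not the scanner's.
TTL_FIELDS = ("min_ttl", "default_ttl", "max_ttl")

def iter_resources(module):
    """Yield resources from a module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_behavior(behavior):
    """Return the list of rule violations for one cache behavior block."""
    problems = []
    if behavior.get("compress") is not True:
        problems.append("compress is not true")
    # Assumption: with cache_policy_id set, TTLs come from the cache policy,
    # which this check does not inspect, so the legacy TTL fields are skipped.
    if not behavior.get("cache_policy_id"):
        for field in TTL_FIELDS:
            if not (behavior.get(field) or 0) > 0:
                problems.append(f"{field} is not greater than 0")
    return problems

def find_violations(plan):
    """Return (resource address, behavior, problem) tuples for a parsed plan."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_cloudfront_distribution":
            continue
        values = res.get("values", {})
        for block in ("default_cache_behavior", "ordered_cache_behavior"):
            for i, behavior in enumerate(values.get(block) or []):
                for problem in check_behavior(behavior):
                    findings.append((res["address"], f"{block}[{i}]", problem))
    return findings

# Constructed sample in the shape of plan JSON; addresses and values are made up.
GOOD = {"compress": True, "min_ttl": 1, "default_ttl": 3600, "max_ttl": 86400}
BAD = {"compress": False, "min_ttl": 0, "default_ttl": 3600, "max_ttl": 86400}
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{"address": "aws_cloudfront_distribution.site",
                   "type": "aws_cloudfront_distribution",
                   "values": {"default_cache_behavior": [GOOD],
                              "ordered_cache_behavior": [BAD]}}],
    "child_modules": [{"resources": [{
        "address": "module.cdn.aws_cloudfront_distribution.assets",
        "type": "aws_cloudfront_distribution",
        "values": {"default_cache_behavior": [dict(GOOD, compress=None)]}}]}]}}}

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_PLAN):
        print(*finding, sep=": ")
```

For a real plan, pass find_violations the result of json.load on the file written by `terraform show -json` for a saved plan.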

For more information, see the AWS or Terraform documentation.
References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution

Policy Details

Rule Reference ID: AC_AWS_0389
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: CloudFront

Frameworks