Ensure a web application firewall is enabled for AWS CloudFront distribution

MEDIUM

Description

AWS Web Application Firewall (WAF) protects CloudFront distributions by inspecting incoming web requests and allowing, blocking or counting them according to the rules in a web ACL. Those rules can be tailored to each application, but a web ACL must first be associated with the distribution before any of them take effect. For more information, see the AWS Documentation.
References:
https://docs.aws.amazon.com/waf/latest/developerguide/cloudfront-features.html

Remediation

In AWS Console -

  1. Sign in to AWS Console and open the CloudFront Console.
  2. Choose the ID for the distribution that you want to update.
  3. In the General Tab, select Edit.
  4. Go to the Distribution Settings page and in the AWS WAF Web ACL list, choose the web ACL that you want to associate with this distribution.
  5. Select Yes, Edit.

In Terraform -

  1. In the aws_cloudfront_distribution resource, set the web_acl_id field to the ARN of the web ACL to associate with the distribution (for a WAF Classic web ACL, its ID).
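The Terraform form of this remediation, as an added example that is not part of this page or of the referenced documentation: a WAFv2 web ACL scoped to CloudFront, attached to a distribution through web_acl_id. The aws.us_east_1 provider alias, the ACL and origin names, and the choice of rule group and cache policy are assumptions made for this example.

```hcl
resource "aws_wafv2_web_acl" "cloudfront" {
  provider = aws.us_east_1 # CloudFront-scoped ACLs must be created in us-east-1 (alias assumed)
  name     = "example-cloudfront-acl" # placeholder name
  scope    = "CLOUDFRONT"           # a REGIONAL ACL cannot be attached to CloudFront
  default_action {
    allow {}
  }
  rule { # one AWS-managed rule group so the ACL actually inspects requests
    name     = "aws-common-rules"
    priority = 1
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-common-rules"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-cloudfront-acl"
    sampled_requests_enabled   = true
  }
}
resource "aws_cloudfront_distribution" "example" {
  enabled    = true
  web_acl_id = aws_wafv2_web_acl.cloudfront.arn # the remediation: WAFv2 takes the ARN (WAF Classic took the ACL ID)
  origin {
    domain_name = "example-bucket.s3.amazonaws.com" # placeholder origin
    origin_id   = "s3-origin"
  }
  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "s3-origin"
    viewer_protocol_policy = "redirect-to-https"
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6" # AWS managed CachingOptimized policy
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}
```

Leaving web_acl_id unset, or pointing it at an ACL whose scope is REGIONAL, is what this rule flags; the rule group shown is a starting point and the rule set is tuned per application afterwards.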

References:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id

Policy Details

Rule Reference ID: AC_AWS_0032
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: CloudFront

Frameworks