CloudFront distributions should use trusted key groups for signed URLs and cookies

Documentos > Datadog Security > OOTB Rules > CloudFront distributions should use trusted key groups for signed URLs and cookies

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Use trusted key groups for signed URLs and cookies in CloudFront distributions instead of trusted signers (CloudFront key pairs).

Trusted key groups enhance key management by allowing you to use AWS-managed keys and IAM for access control. This rule passes when trusted key groups are configured, and trusted signers are removed.

Remediation

Configure trusted key groups for your CloudFront distribution. For information about choosing a signer and configuring trusted key groups, see AWS Documentation.