CloudFront viewer should be encrypted

cloudfront
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Ensure that the AWS CloudFront Content Delivery Network (CDN) for your distribution is using HTTPS to send and receive content.

Rationale

HTTPS ensures encrypted communication for your AWS CloudFront distribution, alleviating the possibility of malicious attacks like packet interception.

Remediation

From the console

Follow the configure CloudFront to require HTTPS between viewers and CloudFront docs to change your Viewer Protocol Policy to HTTPS only.

From the command line

  1. Run get-distribution-config with your AWS CloudFront distribution ID to retrieve your distribution’s configuration information.

    get-distribution-config.sh

        aws cloudfront get-distribution-config
        --id ID000000000000

  2. In a new JSON file, modify the returned configuration. Set ViewerProtocolPolicy to https-only and save the configuration file.

    https-only.sh

        {
      "ETag": "ETAG0000000000",
      "DistributionConfig": {
        "Origins": {
          "ViewerProtocolPolicy": "https-only",
          ...
        }
      }
    }

  3. Run update-distribution to update your distribution with your distribution id, the path of the configuration file (created in step 2), and your etag.

    update-distribution.sh

        aws cloudfront update-distribution
        --id ID000000000000
        --distribution-config https-only.json
        --if-match ETAG0000000000