---
title: CloudFront viewer should be encrypted
description: Datadog, the leading service for cloud-scale monitoring.
---

# CloudFront viewer should be encrypted
 
## Description{% #description %}

Ensure that the AWS CloudFront Content Delivery Network (CDN) for your distribution is using HTTPS to send and receive content.

## Rationale{% #rationale %}

HTTPS encrypts communication between viewers and your AWS CloudFront distribution, reducing the possibility of malicious attacks like packet interception.

## Remediation{% #remediation %}

### From the console{% #from-the-console %}

Follow the [configure CloudFront to require HTTPS between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) docs to change your Viewer Protocol Policy to HTTPS only.

### From the command line{% #from-the-command-line %}

1. Run `get-distribution-config` with your AWS CloudFront distribution ID to retrieve your [distribution's configuration information](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution-config.html).

   In the `get-distribution-config.sh` file:

   ```bash
   aws cloudfront get-distribution-config \
       --id ID000000000000
   ```

2. In a new JSON file, modify the returned configuration. Set `ViewerProtocolPolicy` to `https-only` and save the configuration file.

   In the `https-only.json` file:

   ```json
   {
     "ETag": "ETAG0000000000",
     "DistributionConfig": {
       "DefaultCacheBehavior": {
         "ViewerProtocolPolicy": "https-only",
         ...
       }
     }
   }
   ```

3. Run `update-distribution` to [update your distribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-distribution.html) with your distribution `id`, the path of the configuration file (created in step 2), and your `etag`.

   In the `update-distribution.sh` file:

   ```bash
   aws cloudfront update-distribution \
       --id ID000000000000 \
       --distribution-config file://https-only.json \
       --if-match ETAG0000000000
   ```
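The edit in step 2 as an offline transformation, added here as an example and not part of the original page or of Datadog's or AWS's tooling: it takes the JSON printed by `get-distribution-config`, sets `ViewerProtocolPolicy` on the default cache behavior and on every entry in `CacheBehaviors`, and writes the inner `DistributionConfig` object, which is the structure `--distribution-config` accepts, without the `ETag` wrapper. The function name `enforce_https` and the sample input are constructed for illustration.

```python
import json

TARGET_POLICY = "https-only"

def enforce_https(get_output):
    """Return (etag, distribution_config, changed) for update-distribution.

    get_output is the parsed JSON printed by get-distribution-config.
    changed lists the behaviors whose ViewerProtocolPolicy was rewritten.
    """
    etag = get_output["ETag"]
    # Deep copy via a JSON round trip so the caller's data is left untouched.
    config = json.loads(json.dumps(get_output["DistributionConfig"]))
    # The default behavior and each path-pattern behavior carry their own policy.
    behaviors = [("default", config["DefaultCacheBehavior"])]
    # Items can be absent when the distribution has no extra cache behaviors.
    for item in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((item["PathPattern"], item))
    changed = []
    for name, behavior in behaviors:
        if behavior.get("ViewerProtocolPolicy") != TARGET_POLICY:
            behavior["ViewerProtocolPolicy"] = TARGET_POLICY
            changed.append(name)
    return etag, config, changed

# Constructed sample shaped like get-distribution-config output (most fields omitted).
SAMPLE = {
    "ETag": "ETAG0000000000",
    "DistributionConfig": {
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
        "CacheBehaviors": {"Quantity": 2, "Items": [
            {"PathPattern": "/static/*", "ViewerProtocolPolicy": "redirect-to-https"},
            {"PathPattern": "/api/*", "ViewerProtocolPolicy": "https-only"},
        ]},
    },
}

if __name__ == "__main__":
    etag, config, changed = enforce_https(SAMPLE)
    with open("https-only.json", "w") as fh:
        json.dump(config, fh, indent=2)
    print("behaviors changed:", changed)
    print("aws cloudfront update-distribution --id ID000000000000 "
          f"--distribution-config file://https-only.json --if-match {etag}")
```

A distribution with path-pattern cache behaviors still accepts plain HTTP on those paths if only the default behavior is changed, which is why the function walks `CacheBehaviors` as well.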
