CloudFront distributions should use custom SSL/TLS certificates

Description

This check verifies whether a CloudFront distribution is using the default SSL/TLS certificate that CloudFront provides. The check passes if the distribution uses a custom SSL/TLS certificate and fails if the distribution is still using the default SSL/TLS certificate.

Custom SSL/TLS certificates enable users to access content using different domain names. It is recommended to store custom certificates in AWS Certificate Manager or IAM.
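
The pass/fail logic described above, as an added example (not part of the original control text and not AWS's own implementation): it evaluates the ViewerCertificate block of each distribution in output shaped like `aws cloudfront list-distributions`. The sample data, IDs and ARNs are constructed placeholders, and treating a distribution with no certificate reference at all as failed is an assumption.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions` output.
# IDs, aliases and certificate references are placeholders, not real resources.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEDEFAULT1", "Aliases": {"Quantity": 0},
   "ViewerCertificate": {"CloudFrontDefaultCertificate": true}},
  {"Id": "EXAMPLEACM00002", "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
   "ViewerCertificate": {"CloudFrontDefaultCertificate": false,
     "ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
     "SSLSupportMethod": "sni-only"}},
  {"Id": "EXAMPLEIAM00003", "Aliases": {"Quantity": 1, "Items": ["cdn.example.com"]},
   "ViewerCertificate": {"IAMCertificateId": "EXAMPLEIAMCERTID",
     "SSLSupportMethod": "sni-only"}},
  {"Id": "EXAMPLENOCERT04", "ViewerCertificate": {}}
]}}
""")


def evaluate(dist):
    """Return (status, reason) for one distribution summary."""
    cert = dist.get("ViewerCertificate") or {}
    if cert.get("CloudFrontDefaultCertificate") is True:
        return "FAILED", "uses the default CloudFront certificate"
    if cert.get("ACMCertificateArn"):
        return "PASSED", "custom certificate stored in ACM"
    if cert.get("IAMCertificateId"):
        return "PASSED", "custom certificate stored in IAM"
    # Assumption: incomplete data is reported as a failure rather than
    # silently counted as compliant.
    return "FAILED", "no custom certificate reference found"


def run_check(listing):
    """Map distribution Id -> (status, reason) for a list-distributions result."""
    # The Items key is absent when the account has no distributions.
    items = listing.get("DistributionList", {}).get("Items") or []
    return {d["Id"]: evaluate(d) for d in items}


if __name__ == "__main__":
    for dist_id, (status, reason) in run_check(SAMPLE).items():
        print(f"{status:6} {dist_id}: {reason}")
```

To run it against a real account, replace SAMPLE with the parsed JSON from `aws cloudfront list-distributions --output json`.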

Remediation

For instructions on adding an alternate domain name to a CloudFront distribution that uses a custom SSL/TLS certificate, refer to "Adding an alternate domain name" in the Amazon CloudFront Developer Guide.