CloudFront distributions that utilize HTTP POST methods should have field-level encryption enabled

Description

This check verifies that AWS CloudFront field-level encryption is enabled when the POST method is used in the CloudFront distribution. If the distribution does not use the HTTP POST method, this rule is skipped for that distribution. The check fails if the distribution allows POST in the default cache behavior or in any other cache behavior without enabling the associated field-level encryption.

Field-level encryption ensures that sensitive data contained within fields, such as identification and credit card numbers, is protected across your services and applications.
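
The pass, fail and skip logic described above can be reproduced offline as follows. This is an added example, not the check's own implementation: it assumes dicts shaped like the DistributionConfig returned by the CloudFront GetDistributionConfig API, and the function names, sample configurations and the placeholder encryption ID are constructed for illustration.

```python
# Added example: evaluates DistributionConfig-shaped dicts offline (no AWS calls).
# The sample configs below are constructed; IDs are placeholders.

def behaviors(config):
    """Yield (label, behavior) for the default and every other cache behavior."""
    yield "default", config["DefaultCacheBehavior"]
    for b in (config.get("CacheBehaviors") or {}).get("Items") or []:
        yield b.get("PathPattern", "<unnamed>"), b

def evaluate(config):
    """SKIP if no behavior allows POST; FAIL (with the offending behaviors)
    if a POST-enabled behavior has no FieldLevelEncryptionId; else PASS."""
    post_seen, findings = False, []
    for label, b in behaviors(config):
        methods = (b.get("AllowedMethods") or {}).get("Items") or []
        if "POST" not in methods:
            continue
        post_seen = True
        if not b.get("FieldLevelEncryptionId"):  # empty or missing: not enabled
            findings.append(label)
    if not post_seen:
        return "SKIP", []
    return ("FAIL", findings) if findings else ("PASS", [])

READ = {"Quantity": 2, "Items": ["GET", "HEAD"]}
ALL = {"Quantity": 7, "Items": ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "POST", "DELETE"]}
FLE_ID = "EXAMPLEFLEID"  # constructed placeholder

SAMPLE_SKIP = {"DefaultCacheBehavior": {"AllowedMethods": READ, "FieldLevelEncryptionId": ""},
               "CacheBehaviors": {"Quantity": 0}}
SAMPLE_PASS = {"DefaultCacheBehavior": {"AllowedMethods": ALL, "FieldLevelEncryptionId": FLE_ID},
               "CacheBehaviors": {"Quantity": 0}}
# Default behavior is read-only, but a path-based behavior accepts POST unencrypted.
SAMPLE_FAIL = {"DefaultCacheBehavior": {"AllowedMethods": READ, "FieldLevelEncryptionId": ""},
               "CacheBehaviors": {"Quantity": 2, "Items": [
                   {"PathPattern": "/checkout/*", "AllowedMethods": ALL, "FieldLevelEncryptionId": ""},
                   {"PathPattern": "/profile/*", "AllowedMethods": ALL, "FieldLevelEncryptionId": FLE_ID}]}}

if __name__ == "__main__":
    for name, cfg in [("skip", SAMPLE_SKIP), ("pass", SAMPLE_PASS), ("fail", SAMPLE_FAIL)]:
        print(name, evaluate(cfg))
```

The failing sample shows why every cache behavior has to be inspected: the default behavior is read-only, yet one path-based behavior still accepts POST without field-level encryption.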

Remediation

For instructions on how to update or enable field-level encryption, consult "Using field-level encryption to help protect sensitive data" in the AWS CloudFront Developer Guide.