VIEW RULE IN DATADOG VIEW SIGNALS

Description

Use trusted key groups for signed URLs and cookies in CloudFront distributions instead of trusted signers (CloudFront key pairs).

Trusted key groups enhance key management by allowing you to use AWS-managed keys and IAM for access control. This rule passes when trusted key groups are configured, and trusted signers are removed.

Remediation

Configure trusted key groups for your CloudFront distribution. For information about choosing a signer and configuring trusted key groups, see AWS Documentation.