For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-mbs.md. A documentation index is available at /llms.txt.

CloudFront distributions should be configured with a default root object

cloudfront

Description

This evaluation determines if an Amazon CloudFront distribution is set up to provide a designated object as the default root object. The evaluation is marked as failed if the CloudFront distribution lacks a configured default root object.

When a user accesses the root URL of the distribution rather than a specific file, having a default root object specified helps to prevent the disclosure of the entire contents of the web distribution.

Remediation

For instructions on setting up a default root object in a CloudFront distribution, refer to the section on specifying a default root object in the Amazon CloudFront Developer Guide.