Benchmark: CloudFront
Description
This benchmark provides a set of controls that detect Terraform AWS CloudFront resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select CloudFront.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.cloudfront
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.cloudfront --share
Controls
- CloudFront distributions should have origin failover configured
- CloudFront distributions should have a default root object configured
- CloudFront distribution should be in enabled state
- CloudFront distributions should require encryption in transit
- CloudFront distributions should have logging enabled
- CloudFront distributions should have origin access identity enabled
- CloudFront distributions should have AWS WAF enabled
- CloudFront distributions minimum protocol version should be set
- CloudFront response header policy should be configured with Strict Transport Security