AWS CloudFront
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes
Design Guidance:
Cache Policy Config-Default Ttl | ||
Cache Policy Config-Max Ttl | ||
Cache Policy Config-Min Ttl | ||
Cache Policy Config-Name |
Default Cache Behavior-Cache Policy Id | ||
Cache Behaviors-Cache Policy Id |
Design Guidance:
Cookies Config-Cookie Behavior | ||
Cookies Config-Cookies |
Cookies Config-Cookie Behavior |
Design Guidance:
Headers Config-Header Behavior | ||
Headers Config-Headers |
Origins-Origin Custom Headers | ||
Origin Custom Headers-Header Value | ||
Origin Custom Headers-Header Name | ||
Default Cache Behavior-Allowed Methods | ||
Default Cache Behavior-Cached Methods | ||
Cache Behaviors-Allowed Methods | ||
Cache Behaviors-Cached Methods |
Headers Config-Header Behavior | ||
Headers Config-Headers |
Design Guidance:
Query Strings Config-Query String Behavior |
Default Cache Behavior-Origin Request Policy Id | ||
Cache Behaviors-Origin Request Policy Id |
Query Strings Config-Query String Behavior |
Design Guidance:
Logging-Include Cookies | ||
Default Cache Behavior-Realtime Log Config Arn | ||
Logging-Bucket |
Logging-Enabled | |
Logging-Prefix | |
Logging-Bucket |
Origins-Connection Timeout |
Origins-Connection Attempts |
Design Guidance:
S3origin Config-Origin Access Identity |
Design Guidance:
Origins-Id | ||
Lambda Function Associations-Lambda Function Arn | ||
Default Cache Behavior-Target Origin Id | ||
Default Cache Behavior-Trusted Signers | ||
Cache Behaviors-Target Origin Id |
Trusted Signers-Enabled | |
Trusted Signers-AWS Account Numbers |
Custom Origin Config-HTTPSport | ||
Custom Origin Config-HTTPport |
Design Guidance:
Custom Origin Config-Origin SSLprotocols | ||
Viewer Certificate-Minimum Protocol Version | ||
Custom Origin Config-Origin Protocol Policy | ||
Default Cache Behavior-Viewer Protocol Policy | ||
Default Cache Behavior-Field Level Encryption Id | ||
Cache Behaviors-Viewer Protocol Policy |
Design Guidance:
Viewer Certificate-SSL Support Method | ||
Viewer Certificate-Acm Certificate Arn | ||
Lambda Function Associations-Lambda Function Arn |
Kinesis Stream Config-Role Arn | |
Kinesis Stream Config-Stream Arn |
Design Guidance:
Origin Groups-Quantity | ||
Origin Groups-Items | ||
Items-Id | ||
Status Codes-Quantity | ||
Status Codes-Items |
Distribution Config-Web Aclid |
Geo Restriction-Locations | ||
Geo Restriction-Restriction Type |
Design Guidance:
Tags |
Tags |
Last modified 7mo ago