Data protection

CloudFront distributions default root object is not configured

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • ,
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCM-CSA
  • ,
  • CCPA
  • ,
  • cis_8
  • ,
  • CPRA
  • ,
  • essential_8_au
  • ,
  • GDPR
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • pipeda
  • ,
  • UK Cyber Essentials

Description

We have found that CloudFront Distribution {AwsCloudFront} default root object is not configured. Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. The Amazon CloudFront distribution can be set to return a specified object that serves as the default root object. A user may occasionally request the distribution's root URL rather than an object within the distribution. When this happens, specifying a default root object can assist you avoid exposing your web distribution's contents.