Data protection

CloudFront distributions default root object is not configured

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that CloudFront Distribution {AwsCloudFront} default root object is not configured. Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. The Amazon CloudFront distribution can be set to return a specified object that serves as the default root object. A user may occasionally request the distribution's root URL rather than an object within the distribution. When this happens, specifying a default root object can assist you avoid exposing your web distribution's contents.

  • Recommended Mitigation

    It is recommended to consider to configure a default root object to the CloudFront distribution {AwsCloudFront}. This configuration may help to avoid exposing your web distribution's contents. For more information: <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html#DefaultRootObjectHowToDefine," target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html#DefaultRootObjectHowToDefine,</a> <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDefaultRootObject" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDefaultRootObject</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.