Data protection

CloudFront distributions origin access control is disabled

Platform(s)
Compliance Frameworks

Description

Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. Amazon CloudFront distribution with Amazon S3 Origin type can have an Origin Access Control (OAC) configured. CloudFront OAC blocks users from directly accessing S3 bucket content. It was detected that Cloudfront distribution '{AwsCloudFront}' OAC is not configured. Not having proper access control configured for your AWS S3 bucket is a significant security risk.

  • Recommended Mitigation

    It is recommended to enable Origin Access Control (OAC) for CloudFront distributions. This configuration will help you prevent users from directly accessing S3 bucket content. For more information: <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.