Data protection

CloudFront distributions origin access control is disabled

Platform(s)

Description

Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. A CloudFront distribution with an Amazon S3 origin can have an Origin Access Control (OAC) configured. CloudFront OAC blocks users from directly accessing S3 bucket content. It was detected that OAC is not configured for CloudFront distribution '{AwsCloudFront}'. Not having proper access control configured for your Amazon S3 bucket is a significant security risk.
Recommended Mitigation

It is recommended to enable Origin Access Control (OAC) for CloudFront distributions. This configuration will help you prevent users from directly accessing S3 bucket content. For more information: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
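
One way to check for this finding, as an added example (not the scanner's own code): it classifies each origin in a `DistributionConfig` dictionary of the shape returned by the CloudFront `GetDistributionConfig` API and separates S3 origins with no access control from those still on the legacy origin access identity (OAI). The function names, origin IDs, bucket names and OAC/OAI IDs are constructed for illustration.

```python
def classify_origin(origin):
    """Classify one entry of DistributionConfig['Origins']['Items']."""
    s3_cfg = origin.get("S3OriginConfig")
    if s3_cfg is None:
        return "not_s3"              # custom origin (includes S3 website endpoints)
    if origin.get("OriginAccessControlId"):
        return "oac"                 # OAC attached to this S3 origin
    if s3_cfg.get("OriginAccessIdentity"):
        return "legacy_oai"          # legacy origin access identity, OAC not set
    return "no_access_control"       # S3 origin with neither OAC nor OAI


def origins_without_oac(config):
    """Return {origin_id: status} for S3 origins that have no OAC attached."""
    result = {}
    for origin in config.get("Origins", {}).get("Items", []):
        status = classify_origin(origin)
        if status in ("legacy_oai", "no_access_control"):
            result[origin["Id"]] = status
    return result


# Constructed sample input (not taken from a real account).
SAMPLE_CONFIG = {
    "Origins": {
        "Quantity": 4,
        "Items": [
            {"Id": "assets-oac",
             "DomainName": "example-assets.s3.eu-west-1.amazonaws.com",
             "S3OriginConfig": {"OriginAccessIdentity": ""},
             "OriginAccessControlId": "E0EXAMPLEOAC"},
            {"Id": "assets-legacy",
             "DomainName": "example-legacy.s3.amazonaws.com",
             "S3OriginConfig": {"OriginAccessIdentity":
                                "origin-access-identity/cloudfront/E0EXAMPLEOAI"},
             "OriginAccessControlId": ""},
            {"Id": "assets-open",
             "DomainName": "example-open.s3.us-east-1.amazonaws.com",
             "S3OriginConfig": {"OriginAccessIdentity": ""}},
            {"Id": "api",
             "DomainName": "api.example.com",
             "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
        ],
    }
}

if __name__ == "__main__":
    for origin_id, status in origins_without_oac(SAMPLE_CONFIG).items():
        print(f"{origin_id}: {status}")
```
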