Data protection

CloudFront distributions origin access identity is disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

We have found that the Cloudfront distribution {AwsCloudFront} OAI is not configured. Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. Amazon CloudFront distribution with Amazon S3 Origin type can have an Origin Access Identity (OAI) configured. CloudFront OAI blocks users from directly accessing S3 bucket content.

  • Recommended Mitigation

    It is recommended to consider to enable Origin Access Identity (OAI) for CloudFront distribution {AwsCloudFront}. This configuration will help you prevent users from directly accessing S3 bucket content. For more information: <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html," target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html,</a> <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOAI" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOAI</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.