Data protection

CloudFront distributions origin access identity is disabled

Description

We have found that no Origin Access Identity (OAI) is configured for the CloudFront distribution {AwsCloudFront}. Amazon CloudFront is a high-performance content delivery network (CDN) service that securely delivers data, videos, apps, and APIs to customers around the world with low latency and high transfer speeds. A CloudFront distribution with an Amazon S3 origin can have an OAI configured. A CloudFront OAI blocks users from directly accessing S3 bucket content.
Recommended Mitigation

Consider enabling Origin Access Identity (OAI) for the CloudFront distribution {AwsCloudFront}. This configuration helps prevent users from directly accessing S3 bucket content. For more information: <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html</a>, <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOAI" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOAI</a>
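The check behind this finding and the matching bucket policy, as an added example that is not part of the original rule text or any vendor's code. It assumes the `DistributionConfig` shape returned by the CloudFront GetDistributionConfig API; the function names, sample origins, bucket name and OAI ID are constructed for illustration.

```python
import json

OAI_PREFIX = "origin-access-identity/cloudfront/"

def s3_origins_without_oai(distribution_config):
    """Return the Ids of S3 origins that have no origin access identity."""
    missing = []
    for origin in distribution_config.get("Origins", {}).get("Items", []):
        s3_cfg = origin.get("S3OriginConfig")
        if s3_cfg is None:
            continue  # custom (non-S3) origin: OAI does not apply
        if origin.get("OriginAccessControlId"):
            continue  # origin uses origin access control instead of an OAI
        oai = s3_cfg.get("OriginAccessIdentity") or ""
        if not oai.startswith(OAI_PREFIX):
            missing.append(origin["Id"])
    return missing

def oai_bucket_policy(bucket, oai_id):
    """Bucket policy granting the OAI read access; the bucket stays private otherwise."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::cloudfront:user/"
                                 f"CloudFront Origin Access Identity {oai_id}"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }

# Constructed sample configuration (not taken from a real account).
SAMPLE_CONFIG = {"Origins": {"Quantity": 3, "Items": [
    {"Id": "assets-open", "DomainName": "assets-example.s3.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": ""}},
    {"Id": "assets-oai", "DomainName": "private-example.s3.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": OAI_PREFIX + "E2EXAMPLEOAI"}},
    {"Id": "api", "DomainName": "api.example.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
]}}

if __name__ == "__main__":
    print(s3_origins_without_oai(SAMPLE_CONFIG))
    print(json.dumps(oai_bucket_policy("assets-example", "E2EXAMPLEOAI"), indent=2))
```

Attaching the OAI to the origin is only half of the mitigation: the bucket must also keep public access blocked, otherwise direct S3 requests still succeed.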