The CloudFront has an insecure protocol version

ID

aws_cloudfront_minimum_protocol

Severity

high

Vendor

AWS

Resource

Network

Tags

reachable

Description

The CloudFront distribution allows an insecure protocol version. The minimum protocol version considered secure is TLS 1.2.

To fix it, set viewer_certificate.minimum_protocol_version to TLS 1.2 or later.

Learn more about this topic at AWS CloudFront secure connections.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create distribution
      community.aws.cloudfront_distribution:
        state: present
        default_origin_domain_name: www.my-cloudfront-origin.com
        tags:
          Name: example distribution
          Project: example project
          Priority: '1'
        viewer_certificate:
          # Insecure: permits TLS 1.1 (CloudFront policy names carry a year suffix)
          minimum_protocol_version: TLSv1.1_2016

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: create distribution
      community.aws.cloudfront_distribution:
        state: present
        default_origin_domain_name: www.my-cloudfront-origin.com
        tags:
          Name: example distribution
          Project: example project
          Priority: '1'
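        viewer_certificate:
          # Applies only with a custom certificate (acm_certificate_arn or
          # iam_certificate_id); the default CloudFront certificate forces TLSv1
          minimum_protocol_version: TLSv1.2_2021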
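The check described above can be applied to a parsed playbook before it is deployed. The following is an added example, not this rule's own implementation: it derives the TLS floor from the policy name and also reports tasks with no custom certificate, where CloudFront applies TLSv1 regardless of the requested value. The function names, the sample tasks and the placeholder ARN are constructed, and the certificate option names are assumed to match the module's viewer_certificate options.

```python
import re

# Task keys under which the module may appear (short and fully qualified name).
MODULES = {"cloudfront_distribution", "community.aws.cloudfront_distribution"}
POLICY = re.compile(r"^TLSv(\d)(?:\.(\d))?(?:_\d{4})?$")
REQUIRED = (1, 2)  # TLS 1.2, the floor this rule treats as secure

def policy_floor(name):
    """Return the (major, minor) floor encoded in a policy name, or None."""
    if name == "SSLv3":
        return (0, 3)  # compares below every TLS version
    m = POLICY.match(str(name))
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def check_viewer_certificate(vc):
    """Return a finding for one viewer_certificate mapping, or None if it passes."""
    vc = vc or {}
    # Assumed option names: acm_certificate_arn, iam_certificate_id, cloudfront_default_certificate.
    custom = vc.get("acm_certificate_arn") or vc.get("iam_certificate_id")
    if vc.get("cloudfront_default_certificate") or not custom:
        # With its default certificate CloudFront applies TLSv1 whatever is requested.
        return "no custom certificate: effective minimum is TLSv1"
    name = vc.get("minimum_protocol_version")
    if name is None:
        return "minimum_protocol_version not set"
    floor = policy_floor(name)
    if floor is None:
        return f"unrecognised policy name {name!r}"
    return f"{name} allows protocols below TLS 1.2" if floor < REQUIRED else None

def audit(playbook):
    """Return (task name, finding) for every failing cloudfront_distribution task."""
    findings = []
    for play in playbook:
        for task in play.get("tasks", []):
            for module in task.keys() & MODULES:
                finding = check_viewer_certificate((task[module] or {}).get("viewer_certificate"))
                if finding:
                    findings.append((task.get("name"), finding))
    return findings

# Constructed sample, shaped like yaml.safe_load() output; the ARN is a placeholder.
CERT = {"acm_certificate_arn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE",
        "ssl_support_method": "sni-only"}
MODULE = "community.aws.cloudfront_distribution"
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "weak floor", MODULE: {"viewer_certificate": {**CERT, "minimum_protocol_version": "TLSv1.1_2016"}}},
    {"name": "default certificate", MODULE: {"viewer_certificate": {"minimum_protocol_version": "TLSv1.2_2021"}}},
    {"name": "compliant", MODULE: {"viewer_certificate": {**CERT, "minimum_protocol_version": "TLSv1.2_2021"}}},
]}]
```

To run it against a real playbook, pass the result of loading the YAML file to audit() in place of SAMPLE.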