Hi, When I instantiate a default CloudFront distribution using the default domain

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Non-Compliant CloudFront Distribution Using Default Domain Name about cdk-nag HOT 3 CLOSED

bestickley commented on September 17, 2024

Non-Compliant CloudFront Distribution Using Default Domain Name

from cdk-nag.

Comments (3)

dontirun commented on September 17, 2024 1

Enabling the verbose flag will show the extended explanations for all rules. They're also all listed on the
RULES file

Aspects.of(stack).add(new AwsSolutionsChecks({ verbose: true }));

from cdk-nag.

dontirun commented on September 17, 2024

Yes. The extended explanation on that rule has more information

Vulnerabilities have been and continue to be discovered in the deprecated SSL and TLS protocols. Help protect viewer connections by specifying a viewer certificate that enforces a minimum of TLSv1.1 or TLSv1.2 in the security policy. Distributions that use the default CloudFront viewer certificate or use 'vip' for the SslSupportMethod are non-compliant with this rule, as the minimum security policy is set to TLSv1 regardless of the specified MinimumProtocolVersion

from cdk-nag.

bestickley commented on September 17, 2024

@dontirun, thank you for explaining. Where is the extended explanation?

from cdk-nag.

Non-Compliant CloudFront Distribution Using Default Domain Name about cdk-nag HOT 3 CLOSED

Comments (3)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent