S3 Origin Not Using Access Identity
CloudFront Distributions that do not use an S3 Origin Identity require the S3 bucket to use website hosting, splitting access controls across S3 and CloudFront as well as implementing unencrypted …
CloudFront distributes content globally at the edge. Misconfigurations can lead to unintended data exposure, improper caching of sensitive content, or insecure access paths. Controls around origin protection, TLS, and cache behaviour are critical.
CloudFront Distributions are set to distribute content to all available edge locations, including locations that may not include commercially viable users or may pose data sovereignty concerns.
CloudFront Distributions that do not use AWS WAF lack a number of security protections and tracking.
CloudFront Distributions are accepting traffic from all locations on the internet. This includes traffic from geographical regions that are unlikely to be business accessible.
CloudFront Distributions that do not compress responses lead to slower applications and forfeit a positive ranking signal to search providers.
CloudFront Distributions that accept unencrypted traffic respond to requests in plain text, compromising all information sent and received.