Configure HTTP to HTTPS Redirects with a CloudFront Viewer Protocol Policy Details Configure the Viewer Protocol Policy for your CloudFront cache to redirect HTTP requests to HTTPS requests or to require...
Don’t use the default VPC Details A default VPC is ready for you to use — you can immediately start launching instances into your default...
Ensure a customer created Customer Master Key (CMK) is created for the App-tier Details AWS Key Management Service (KMS) by default provides service Customer Managed Keys (CMK). Customers also have the ability to...
Ensure a customer created Customer Master Key (CMK) is created for the Database-Tier Details AWS Key Management Service (KMS) by default provides service Customer Managed Keys (CMK). Customers also have the ability to...
Ensure a customer created Customer Master Key (CMK) is created for the Web-tier Details AWS Key Management Service (KMS) by default provides service Customer Managed Keys (CMK). Customers also have the ability to...
Ensure a DNS alias record for the root domain Details While ordinary Amazon Route 53 resource record sets are standard DNS resource record sets, _alias resource record sets_ provide...
Ensure all CloudFront Distributions require HTTPS between CloudFront and your Web-Tier ELB origin Details Configure the Origin Protocol Policy for the Web tier ELB origin either to require that CloudFront fetches objects from...
Ensure all Public Web Tier SSL/TLS certificates are >30 days from Expiration Details Public SSL/TLS certificates that are used for AWS resources such as the ELB or CloudFront should always be renewed...
Ensure App Tier ELB have SSL/TLS Certificate attached Details When you use HTTPS for your front-end listener, you must deploy an SSL/TLS certificate on your load balancer. The...
Ensure App Tier ELB have the latest SSL Security Policies configured Details Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuration, known as a security policy, to negotiate SSL/TLS...