Class CcDistribution

CloudKitect CloudFront Distribution Component.

Default Configuration

Http Protocol: Redirect to Https Logging: Enabled Tracing: Enabled Protocol Version: SecurityPolicyProtocol.TLS_V1_2_2021

Default Alarms

1. Total Error Rate Alarm

   • Risk Level: Low
   • Well Architected Pillar: Reliability

Examples

Default Usage

new CcDistribution(this, "LogicalId", {});
Copy

Custom Configuration

new CcDistribution(this, "LogicalId", {
   logBucket: myLogBucket
});
Copy

Compliance

It addresses the following compliance requirements

1. Cloudfront origin should not use insecure protocols

   • Risk Level: Medium
   • Compliance: PCI, HIPAA, APRA, MAS, NIST4
   • Well Architected Pillar: Security

2. Cloudfront logging enabled

   • Risk Level: Low
   • Compliance: PCI, HIPAA, GDPR, APRA, NIST4
   • Well Architected Pillar: Operational Excellence

3. Cloudfront uses enhanced security policy min TLS1.2

   • Risk Level: High
   • Compliance: PCI, HIPAA, MAS, NIST4
   • Well Architected Pillar: Security

4. Cloudfront uses only secure protocol to communicate with origin

   • Risk Level: Medium
   • Compliance: PCI, HIPAA, APRA, MAS, NIST4
   • Well Architected Pillar: Security

5. Cloudfront uses only secure protocol to communicate with end users

   • Risk Level: High
   • Compliance: PCI, HIPAA, NIST4
   • Well Architected Pillar: Security