AWS Security ChangesHomeSearch

AWS solutions medium security documentation change

Service: solutions · 2025-03-26 · Security-related medium

File: solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md

Summary

Added security recommendation to use custom SSL certificate with modern TLS policy for CloudFront

Security assessment

Explicitly addresses security by recommending stronger TLS configurations to disable outdated protocols (TLS 1.0/1.1)

Diff

diff --git a/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md b/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md
index 4300e8b60..74c4f7d9d 100644
--- a/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md
+++ b/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md
@@ -44,0 +45,2 @@ This section describes how the principles and best practices of the [security pi
+The solution creates CloudFront distribution with the [Default CloudFront SSL Certificate](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesSSLCertificate) which allows TLS 1.1 and TLS 1.0. We recommend using Custom SSL Certificate with [TLSv1.2_2021 security policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) to disallow insecure protocols and cipher suites.
+