AWS solutions medium security documentation change
Summary
Added security recommendation to use custom SSL certificate with modern TLS policy for CloudFront
Security assessment
Explicitly addresses security by recommending stronger TLS configurations to disable outdated protocols (TLS 1.0/1.1)
Diff
diff --git a/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md b/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md index 4300e8b60..74c4f7d9d 100644 --- a/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md +++ b/solutions/latest/network-orchestration-aws-transit-gateway/aws-well-architected-design-considerations.md @@ -44,0 +45,2 @@ This section describes how the principles and best practices of the [security pi +The solution creates CloudFront distribution with the [Default CloudFront SSL Certificate](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesSSLCertificate) which allows TLS 1.1 and TLS 1.0. We recommend using Custom SSL Certificate with [TLSv1.2_2021 security policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) to disallow insecure protocols and cipher suites. +