AWS securityhub documentation change
Summary
Narrowed scope of CloudFront.1 control to only check distributions with S3 origins (excludes custom origins)
Security assessment
This clarifies the control's applicability but doesn't address a specific vulnerability. The change reduces false positives by excluding custom origins from a security configuration check.
Diff
diff --git a/securityhub/latest/userguide/cloudfront-controls.md b/securityhub/latest/userguide/cloudfront-controls.md index f156f5fbe..383740db4 100644 --- a//securityhub/latest/userguide/cloudfront-controls.md +++ b//securityhub/latest/userguide/cloudfront-controls.md @@ -27 +27 @@ These AWS Security Hub controls evaluate the Amazon CloudFront service and resou -This control checks whether an Amazon CloudFront distribution is configured to return a specific object that is the default root object. The control fails if the CloudFront distribution does not have a default root object configured. +This control checks whether an Amazon CloudFront distribution with S3 origins is configured to return a specific object that is the default root object. The control fails if the CloudFront distribution uses S3 origins and doesn't have a default root object configured. This control doesn't apply to CloudFront distributions that use custom origins.