AWS warns there is no default root object set on CloudFront Distribution #154
AWS Security Hub has flagged our open-next x CDK built CloudFront Distribution that has no default root object. They claim it is the highest severity "Critical". Here are some AWS articles on the topic:

I think this line is the "culprit":

defaultRootObject: ''

I am wondering if anyone has run into similar warnings, if this should be discussed, or if it can be safely ignored. From my understanding, a default root object should be set if your CloudFront Distribution points to an S3 origin. In our case, we point to the server lambda.
@patrickufer, thank you for bringing this up. This construct strives to have the highest security by default. Yes, I agree with your conclusion. The threat of not having a default root object set explained here seems to only relate to S3 origins, which this construct only uses for files in

However, with that said, if there is a simple configuration to resolve this error (you won't be the only one who runs into it), then I'd like to fix it, but in
Wow thanks for the quick response.
✅ Yeah, I think for now we will suppress the finding in Security Hub.
If we come up with a solution that lets us set defaultRootObject on the Distribution, we will follow up here :)
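
The reasoning in this thread (an empty default root object matters when "/" is served from an S3 origin, less so when it goes to the server function) can be checked against a distribution's config before suppressing the finding. The following is an added example, not code from the project or from AWS; the sample config is constructed in the shape of `aws cloudfront get-distribution-config` output, and its origin ids, domain names and path pattern are made up.

```python
"""Triage a missing CloudFront default root object by the origin that serves "/"."""

# Constructed sample; ids, domain names and the path pattern are illustrative only.
SAMPLE_CONFIG = {
    "DefaultRootObject": "",
    "Origins": {"Quantity": 2, "Items": [
        {"Id": "server-function",
         "DomainName": "example1234.lambda-url.us-east-1.on.aws",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
        {"Id": "static-assets",
         "DomainName": "example-assets.s3.us-east-1.amazonaws.com",
         "S3OriginConfig": {"OriginAccessIdentity": ""}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "server-function"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "assets/*", "TargetOriginId": "static-assets"},
    ]},
}


def origin_kind(origin):
    """Return "s3" for S3 REST origins, "custom" for everything else."""
    return "s3" if "S3OriginConfig" in origin else "custom"


def root_origin(config):
    """Return the origin that receives a request for "/".

    Assumption: no additional cache behavior has a path pattern that
    matches "/", so the default cache behavior handles the root request.
    """
    target = config["DefaultCacheBehavior"]["TargetOriginId"]
    for origin in config["Origins"].get("Items", []):
        if origin["Id"] == target:
            return origin
    raise ValueError(f"default behavior targets unknown origin {target!r}")


def triage(config):
    """Classify the finding as "ok", "fix" or "review"."""
    if config.get("DefaultRootObject"):
        return "ok"      # a root object is set, nothing to triage
    if origin_kind(root_origin(config)) == "s3":
        return "fix"     # "/" is answered by the bucket itself
    return "review"      # "/" goes to a custom origin: suppression candidate
```

A "review" result only says the root request does not reach S3; whether to suppress the Security Hub finding is still a decision for the account owner.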