Checks/Aws/Test-CloudfrontDistributionsOriginTrafficEncrypted.ps1
function Test-CloudfrontDistributionsOriginTrafficEncrypted {
    <#
    .SYNOPSIS
        CloudFront distribution encrypts traffic to custom origins
    .DESCRIPTION
        **CloudFront distributions** are evaluated for **TLS to origins**.
        The check ensures custom origins use `origin_protocol_policy`=`https-only`,
        or `match-viewer` only when the viewer protocol policy disallows HTTP.
        For S3 origins, it inspects the viewer protocol policy and flags `allow-all`
        as permitting non-encrypted paths.
    .PARAMETER Check
        CIEMCheck object containing check metadata.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject[]])]
    param(
        [Parameter(Mandatory)]
        [CIEMCheck]$Check
    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: cloudfront_distributions_origin_traffic_encrypted
    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check cloudfront_distributions_origin_traffic_encrypted for reference.', 'N/A', 'cloudfront Resources')
}
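
The decision rule in the .DESCRIPTION above, sketched as an added example that is not part of this repository or of Prowler. It assumes the input has the shape of the AWS CloudFront `DistributionConfig` JSON, that only the default cache behavior's viewer policy is consulted, and that an origin without `CustomOriginConfig` is an S3 origin; the function name `Get-OriginEncryptionFinding` and the sample data are hypothetical.

```powershell
# Added example: evaluates one distribution config against the rule in .DESCRIPTION.
function Get-OriginEncryptionFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$DistributionId,
        [Parameter(Mandatory)] [psobject]$Config
    )
    # Assumption: the default cache behavior decides whether viewers may use HTTP.
    $viewerAllowsHttp = $Config.DefaultCacheBehavior.ViewerProtocolPolicy -eq 'allow-all'

    foreach ($origin in $Config.Origins.Items) {
        $status = 'PASS'
        $reason = 'Traffic to the origin is encrypted.'
        if ($origin.CustomOriginConfig) {
            $policy = $origin.CustomOriginConfig.OriginProtocolPolicy
            if ($policy -eq 'http-only') {
                $status = 'FAIL'
                $reason = 'Custom origin policy is http-only.'
            }
            elseif ($policy -eq 'match-viewer' -and $viewerAllowsHttp) {
                $status = 'FAIL'
                $reason = 'match-viewer inherits HTTP because the viewer policy is allow-all.'
            }
        }
        elseif ($viewerAllowsHttp) {
            # No CustomOriginConfig: treated as an S3 origin (assumption).
            $status = 'FAIL'
            $reason = 'S3 origin behind a viewer policy of allow-all.'
        }
        [PSCustomObject]@{
            DistributionId = $DistributionId
            OriginId       = $origin.Id
            Status         = $status
            Reason         = $reason
        }
    }
}

# Constructed sample config (not real data): one S3 origin and two custom origins.
$sample = @'
{
  "DefaultCacheBehavior": { "ViewerProtocolPolicy": "allow-all" },
  "Origins": { "Items": [
    { "Id": "s3-assets", "S3OriginConfig": { "OriginAccessIdentity": "" } },
    { "Id": "api", "CustomOriginConfig": { "OriginProtocolPolicy": "https-only" } },
    { "Id": "legacy", "CustomOriginConfig": { "OriginProtocolPolicy": "match-viewer" } }
  ] }
}
'@ | ConvertFrom-Json
Get-OriginEncryptionFinding -DistributionId 'EXAMPLE-DIST-ID' -Config $sample | Format-Table -AutoSize
```

Changing the sample's viewer policy to `redirect-to-https` or `https-only` flips the `s3-assets` and `legacy` origins to PASS, which is the dependency on the viewer policy that the description calls out.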