Terraform Http Server Serves Insecure Http
Description
Detects when AWS CloudFront distributions are configured to serve content over plain HTTP rather than HTTPS. This is a security risk because HTTP traffic is unencrypted and therefore exposed to man-in-the-middle attacks and data interception.
Detection Strategy
• Identifies AWS CloudFront distribution resources in Terraform configuration files
• Checks if the distribution allows content to be served over unencrypted HTTP protocol
• Reports a security issue when HTTPS-only content serving is not enforced
• Recommends configuring CloudFront to require HTTPS for all content delivery
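The detection strategy above, as an added example that is not Fluid Attacks' own checker: a small stack-based scan of Terraform text that locates aws_cloudfront_distribution resources and reports every cache behavior whose viewer_protocol_policy is "allow-all" (the standard Terraform attribute and value that permit plain-HTTP viewer connections). The sample configuration is constructed for this example, and the scanner assumes the usual layout of one block opener per line.

```python
import re

# On aws_cloudfront_distribution cache behaviors, viewer_protocol_policy decides whether
# viewers may use plain HTTP: "allow-all" permits it; the other two values force TLS.
INSECURE_VIEWER_POLICIES = {"allow-all"}
CACHE_BEHAVIOR_BLOCKS = {"default_cache_behavior", "ordered_cache_behavior"}
RESOURCE_RE = re.compile(r'^resource\s+"aws_cloudfront_distribution"\s+"([^"]+)"\s*\{')
ATTR_RE = re.compile(r'^viewer_protocol_policy\s*=\s*"([^"]*)"')


def find_insecure_viewer_policies(hcl: str) -> list[tuple[str, str, int, str]]:
    """Scan HCL text line by line, tracking block nesting with a stack, and
    return (resource name, cache behavior block, line number, policy value)
    for every CloudFront cache behavior that still accepts plain-HTTP viewers.
    Assumes the usual one-block-opener-per-line Terraform layout."""
    findings, stack, resource = [], [], None
    for lineno, line in enumerate(hcl.splitlines(), 1):
        code = line.split("#", 1)[0].strip()   # ignore trailing comments
        if code.endswith("{"):                 # a block opens: push its name
            m = RESOURCE_RE.match(code)
            if m:
                resource = m.group(1)
            stack.append(code.split()[0])
        elif code.startswith("}") and stack:   # a block closes: pop it
            if stack.pop() == "resource":
                resource = None
        else:
            m = ATTR_RE.match(code)
            if (m and resource and stack and stack[-1] in CACHE_BEHAVIOR_BLOCKS
                    and m.group(1) in INSECURE_VIEWER_POLICIES):
                findings.append((resource, stack[-1], lineno, m.group(1)))
    return findings


# Constructed sample: "web" still allows HTTP on its default behavior, "api" is fixed.
SAMPLE_TF = """\
resource "aws_cloudfront_distribution" "web" {
  default_cache_behavior {
    viewer_protocol_policy = "allow-all"
  }
  ordered_cache_behavior {
    viewer_protocol_policy = "redirect-to-https"
  }
}
resource "aws_cloudfront_distribution" "api" {
  default_cache_behavior {
    viewer_protocol_policy = "https-only"
  }
}
"""
```

Running find_insecure_viewer_policies(SAMPLE_TF) flags only the "web" default behavior; the redirect-to-https and https-only behaviors pass.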
Vulnerable code example
resource "aws_cloudfront_distribution" "example" {
  enabled = true
  origin {
    domain_name = "example-bucket.s3.amazonaws.com"
    origin_id   = "S3-example-bucket"
  }
  ...
✅ Secure code example
resource "aws_cloudfront_distribution" "example" {
  enabled = true
  origin {
    domain_name = "example-bucket.s3.amazonaws.com"
    origin_id   = "S3-example-bucket"
    # Add S3 origin config for secure access
    ...