Cloudfront compress objects automatically remediation

Using Console

Using CLI

To remediate the misconfiguration “CloudFront Web Distributions Should Automatically Compress Web Content” for AWS using AWS CLI, follow the below steps:

Open the AWS CLI on your local machine.
Run the following command to get the ID of the distribution for which you want to enable automatic compression:
```
aws cloudfront list-distributions --query "DistributionList.Items[].{Id:Id,DomainName:DomainName}"
```
This will return a list of all your CloudFront distributions along with their IDs and domain names.
Once you have the distribution ID, run the following command to update the distribution configuration to enable automatic compression:
```
aws cloudfront update-distribution --id <distribution-id> --distribution-config '{"Enabled":true,"Compress":true,"DefaultCacheBehavior":{"Compress":true}}'
```
Replace <distribution-id> with the ID of the distribution you want to update.
After running the above command, the distribution configuration will be updated to enable automatic compression for web content.
Verify the changes by running the following command:
```
aws cloudfront get-distribution --id <distribution-id> --query "Distribution.DistributionConfig.DefaultCacheBehavior"
```
This will return the configuration of the default cache behavior for the distribution, which should now have the “Compress” property set to true.

By following the above steps, you can remediate the misconfiguration “CloudFront Web Distributions Should Automatically Compress Web Content” for AWS using AWS CLI.

Using Python

To remediate the misconfiguration of CloudFront web distributions not automatically compressing web content in AWS using Python, you can follow these steps:

Import the required AWS SDK modules using the following code:

import boto3
from botocore.exceptions import ClientError

Create a boto3 client for CloudFront using the following code:

client = boto3.client('cloudfront')

Get a list of all CloudFront distributions using the following code:

try:
    response = client.list_distributions()
    distributions = response['DistributionList']['Items']
except ClientError as e:
    print(e)

Iterate through each distribution and check if it has a default cache behavior with a gzip compression enabled using the following code:

for distribution in distributions:
    try:
        response = client.get_distribution_config(Id=distribution['Id'])
        config = response['DistributionConfig']
        if config['DefaultCacheBehavior']['Compress']:
            print(f"Gzip compression is already enabled for {distribution['Id']}")
        else:
            config['DefaultCacheBehavior']['Compress'] = True
            response = client.update_distribution(
                DistributionConfig=config,
                Id=distribution['Id'],
                IfMatch=response['ETag']
            )
            print(f"Gzip compression enabled for {distribution['Id']}")
    except ClientError as e:
        print(e)

Save the Python script and run it to remediate the misconfiguration.

This script will enable gzip compression for all CloudFront distributions that do not have it enabled by updating the default cache behavior of each distribution.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Cloudfront compress objects automatically remediation

Triage and Remediation

Remediation