Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “CloudFront Distributions Should Have Field-Level Encryption Enabled” in AWS using the AWS console, follow these steps:
- Login to AWS Management Console.
- Go to the CloudFront service.
- Select the CloudFront distribution for which you want to enable field-level encryption.
- Click on the “Edit” button in the top menu.
- Scroll down to the “Security and Privacy” section.
- In the “Field-level Encryption Config” section, click on the “Create Field-level Encryption Config” button.
- In the “Create Field-level Encryption Config” dialog box, enter a name for the configuration and click on the “Create” button.
- In the “Field-level Encryption Config” section, select the newly created configuration from the dropdown list.
- Click on the “Yes, Edit” button to save the changes.
- Finally, click on the “Save Changes” button to complete the remediation.
Using CLI
To remediate the misconfiguration of CloudFront distributions not having field-level encryption enabled in AWS using the AWS CLI, follow these steps:
- Open the AWS CLI on your local machine and run the following command to enable field-level encryption for your CloudFront distribution:
Replace DISTRIBUTION_ID with the ID of your CloudFront distribution and FIELD_LEVEL_ENCRYPTION_ID with the ID of the field-level encryption configuration that you want to use.
- Verify that field-level encryption is enabled for your CloudFront distribution by running the following command:
This command will return the current configuration for your CloudFront distribution. Verify that the FieldLevelEncryptionId parameter is set to the ID of the field-level encryption configuration that you specified in step 1.
- Test your CloudFront distribution to ensure that field-level encryption is working as expected.
Using Python
To remediate the misconfiguration “CloudFront Distributions Should Have Field-Level Encryption Enabled” in AWS using Python, follow these steps:
- Import the Boto3 library:
- Create a CloudFront client object:
- Get the list of CloudFront distributions:
- Loop through each distribution and check if field-level encryption is enabled:
- If field-level encryption is not enabled, enable it by adding a field-level encryption configuration:
- Replace the unique_reference_string, profile_name, public_key_id, provider_id, profile_id, content_type, example.com, unique_id, and bucket_name with the appropriate values for your CloudFront distribution.
- Save the Python script and execute it to remediate the “CloudFront Distributions Should Have Field-Level Encryption Enabled” misconfiguration in AWS.
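The CLI and Python sections above describe one procedure: read the distribution configuration, check whether each cache behavior carries a FieldLevelEncryptionId, write back a patched configuration, and verify the result. The script below is an added example and is not code from this page or from AWS. It operates on the DistributionConfig document that `aws cloudfront get-distribution-config --id DISTRIBUTION_ID` and boto3's get_distribution_config() return, uses a constructed sample response so the audit, patch and verify steps run offline, and isolates the only AWS calls in remediate_live(), which assumes boto3 is installed and credentials with CloudFront permissions are configured. ETAG_PLACEHOLDER, FLE_CONFIG_ID_PLACEHOLDER and the origin values in the sample are placeholders, not real resources.

```python
"""Audit, patch and verify CloudFront cache behaviors for field-level encryption (FLE).

Added example: works on the DistributionConfig document returned by
`aws cloudfront get-distribution-config` or boto3's get_distribution_config().
Only remediate_live() talks to AWS; everything else runs offline.
"""
import copy
import json
from typing import Dict, Iterator, List, Tuple

ALL_METHODS = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]

# Constructed sample response: the default behavior lacks FLE, the one
# path-specific behavior already references an FLE configuration.
# ETag, FLE id and origin values are placeholders.
SAMPLE_RESPONSE = {
    "ETag": "ETAG_PLACEHOLDER",
    "DistributionConfig": {
        "CallerReference": "unique_reference_string",
        "Origins": {"Quantity": 1,
                    "Items": [{"Id": "origin-1", "DomainName": "example.com"}]},
        "DefaultCacheBehavior": {
            "TargetOriginId": "origin-1",
            "ViewerProtocolPolicy": "redirect-to-https",
            "AllowedMethods": {"Quantity": 7, "Items": ALL_METHODS},
            "FieldLevelEncryptionId": "",   # empty string means FLE is not enabled
        },
        "CacheBehaviors": {"Quantity": 1, "Items": [{
            "PathPattern": "/checkout/*",
            "TargetOriginId": "origin-1",
            "AllowedMethods": {"Quantity": 7, "Items": ALL_METHODS},
            "FieldLevelEncryptionId": "FLE_CONFIG_ID_PLACEHOLDER",
        }]},
    },
}


def iter_behaviors(config: Dict) -> Iterator[Tuple[str, Dict]]:
    """Yield (label, behavior) for the default behavior and every path behavior."""
    yield "DefaultCacheBehavior", config["DefaultCacheBehavior"]
    for behavior in config.get("CacheBehaviors", {}).get("Items", []):
        yield behavior.get("PathPattern", "<no PathPattern>"), behavior


def behaviors_without_fle(config: Dict) -> List[str]:
    """Audit step: labels of behaviors whose FieldLevelEncryptionId is unset."""
    return [label for label, b in iter_behaviors(config)
            if not b.get("FieldLevelEncryptionId")]


def allows_post(behavior: Dict) -> bool:
    # CloudFront applies FLE only to POST request bodies; a behavior that does
    # not allow POST (CloudFront's default is GET/HEAD) never exercises it.
    return "POST" in behavior.get("AllowedMethods", {}).get("Items", ["GET", "HEAD"])


def with_fle(config: Dict, fle_config_id: str) -> Tuple[Dict, List[str], List[str]]:
    """Remediation step: patched copy, labels changed, and warnings.

    Behaviors that already reference an FLE configuration are left alone.
    """
    patched = copy.deepcopy(config)       # never mutate the fetched document
    changed, warnings = [], []
    for label, behavior in iter_behaviors(patched):
        if behavior.get("FieldLevelEncryptionId"):
            continue
        behavior["FieldLevelEncryptionId"] = fle_config_id
        changed.append(label)
        if not allows_post(behavior):
            warnings.append(f"{label}: POST not allowed, FLE will not be exercised")
    return patched, changed, warnings


def mismatched_behaviors(document, expected_id: str) -> List[str]:
    """Verification step: behaviors whose FLE id differs from the one applied.

    `document` is the raw JSON printed by get-distribution-config or the
    parsed dict; an empty list means every behavior carries expected_id.
    """
    if isinstance(document, str):
        document = json.loads(document)
    config = document["DistributionConfig"]
    return [label for label, b in iter_behaviors(config)
            if b.get("FieldLevelEncryptionId") != expected_id]


def remediate_live(distribution_id: str, fle_config_id: str) -> List[str]:
    """Assumes boto3 and AWS credentials are available. Returns labels changed."""
    import boto3  # imported here so the offline helpers do not need it
    client = boto3.client("cloudfront")
    current = client.get_distribution_config(Id=distribution_id)
    patched, changed, warnings = with_fle(current["DistributionConfig"], fle_config_id)
    for line in warnings:
        print("warning:", line)
    if changed:
        # IfMatch must carry the ETag from the read; CloudFront rejects stale writes.
        client.update_distribution(Id=distribution_id, IfMatch=current["ETag"],
                                   DistributionConfig=patched)
    return changed


if __name__ == "__main__":
    cfg = SAMPLE_RESPONSE["DistributionConfig"]
    print("missing FLE:", behaviors_without_fle(cfg))
    patched, changed, warnings = with_fle(cfg, "FLE_CONFIG_ID_PLACEHOLDER")
    print("changed:", changed, "warnings:", warnings)
    print("mismatches after patch:",
          mismatched_behaviors({"DistributionConfig": patched}, "FLE_CONFIG_ID_PLACEHOLDER"))
```

The audit and verification helpers double as the check behind the CLI section's "Verify that the FieldLevelEncryptionId parameter is set" step: feed them the JSON that get-distribution-config prints. The warnings matter in practice because CloudFront only encrypts fields in POST bodies, so associating an FLE configuration with a GET-only behavior satisfies the check without protecting anything.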