
CloudFront distribution uses outdated SSL/TLS protocols.

Explanation

Outdated TLS versions are insecure and should not be used for encryption. Set the minimum protocol version to TLS v1.2 or later.

Insecure Example

The following example will fail the AWS021 check.

resource "aws_cloudfront_distribution" "s3_distribution" {
  viewer_certificate {
    cloudfront_default_certificate = true
    minimum_protocol_version       = "TLSv1.0"
  }
}

Secure Example

The following example will pass the AWS021 check.

resource "aws_cloudfront_distribution" "s3_distribution" {
  viewer_certificate {
    cloudfront_default_certificate = true
    minimum_protocol_version       = "TLSv1.2_2019"
  }
}
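
One way to apply the same rule to the JSON produced by `terraform show -json`, including distributions inside child modules. This is an added example, not tfsec's own code: the function names and the sample plan are constructed for illustration, and it assumes that an unset `minimum_protocol_version` falls back to `TLSv1`.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan with one root-module
# distribution and two inside a child module (all addresses are made up).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "aws_cloudfront_distribution.legacy",
       "type": "aws_cloudfront_distribution",
       "values": {"viewer_certificate": [{"minimum_protocol_version": "TLSv1.0"}]}},
      {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket", "values": {}}
    ],
    "child_modules": [{"resources": [
      {"address": "module.cdn.aws_cloudfront_distribution.site",
       "type": "aws_cloudfront_distribution",
       "values": {"viewer_certificate": [{"minimum_protocol_version": "TLSv1.2_2019"}]}},
      {"address": "module.cdn.aws_cloudfront_distribution.unset",
       "type": "aws_cloudfront_distribution",
       "values": {"viewer_certificate": [{"cloudfront_default_certificate": true}]}}
    ]}]
  }}
}
""")

def _walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def outdated_tls_distributions(plan):
    """Return (address, effective_version) for distributions below TLS 1.2."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("type") != "aws_cloudfront_distribution":
            continue
        # Nested blocks appear as lists in plan JSON; viewer_certificate has one entry.
        certs = (res.get("values") or {}).get("viewer_certificate") or [{}]
        # Assumption: an unset value is treated as the default, TLSv1.
        version = certs[0].get("minimum_protocol_version") or "TLSv1"
        if not version.startswith("TLSv1.2"):
            findings.append((res["address"], version))
    return findings

if __name__ == "__main__":
    for address, version in outdated_tls_distributions(SAMPLE_PLAN):
        print(f"FAIL {address}: minimum_protocol_version = {version}")
```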