β Repository β π Compliance Engine β π CloudAware β π AWS β π CloudFront
π‘οΈ AWS CloudFront Web Distribution Default Root Object is not configuredπ’
- Contextual name: π‘οΈ Web Distribution Default Root Object is not configuredπ’
- ID:
/ce/ca/aws/cloudfront/distribution-default-root-object - Tags:
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
- Policy Type:
BEST_PRACTICE - Policy Categories:
SECURITY
Logicβ
- π§ prod.logic.yamlπ’
Similar Policiesβ
- AWS Security Hub: [CloudFront.1] CloudFront distributions should have a default root object configured
- Internal:
dec-x-4f944d13
Similar Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-4f944d13 | 1 |
Descriptionβ
Descriptionβ
Ensure that AWS CloudFront Web Distributions are configured with a Default Root Object.
A Default Root Object (for example
index.html) is the object that CloudFront returns when a client requests the distributionβs root URL (e.g.,https://example.com/) rather than specifying a particular object in the distribution (e.g.,https://www.example.com/product-description.html).A Default Root Object is most appropriate when your distribution serves a website or static content entry point and you expect clients to access
/directly. Common scenarios include:
- Static websites or landing pages, ensuring that
GET /returns anindex.htmlor equivalent landing page.- Documentation hubs or singleβpage apps.
Conversely, you typically omit a Default Root Object when:
- Your distribution fronts APIs or microservices and clients always request specific paths.
- Your origin itself (e.g., a dynamic web server behind an ALB) handles root requests.
- You rely on routing logic via Lambda@Edge, CloudFront Functions, or S3 websiteβendpoint errorβpage configurations.
... see more
Remediationβ
Remediationβ
From Command Lineβ
You can update the Default Root Object by using the
--default-root-objectflag:aws cloudfront update-distribution \
--id {{distribution-id}} \
--default-root-object {{index.html}}