Overview
Enforce HTTPS for your Amazon CloudFront distributions to enhance security and ensure data integrity. This plan helps you assess, configure, apply, and validate HTTPS enforcement. It guides you through selecting the CloudFront distribution, applying the necessary settings, and verifying that the change is in effect.
Execution Details
1. Assessment Phase – Distribution Selection
- List CloudFront Distributions: Retrieve and present your distributions to help you identify the correct distribution to update.
- Select CloudFront Configuration: Gather the CloudFront Distribution ID and viewer protocol policy preference ('redirect-to-https' or 'https-only') from the user.
2. Summary Phase – Confirm Setup
- Review & Confirm CloudFront Setup: Present the selected CloudFront distribution details and chosen protocol policy. Confirm that the configuration is correct before proceeding.
3. Configuration Phase – Apply HTTPS Enforcement
- Retrieve Distribution Config: Fetch the current CloudFront configuration and ETag to prepare for update.
- Modify ViewerProtocolPolicy: Apply the selected viewer protocol policy ('redirect-to-https' or 'https-only') to the configuration.
- Update CloudFront Distribution: Use the AWS CLI to apply the updated configuration.
4. Validation Phase – Confirm HTTPS Enforcement
- Confirm Distribution Config: Re-fetch the updated configuration to confirm that the correct ViewerProtocolPolicy is applied.
- Manual HTTPS Test: Use curl to confirm that plain-HTTP requests are redirected ('redirect-to-https') or denied ('https-only') and that HTTPS requests succeed.
Each phase ensures your CloudFront distributions are securely configured to enforce HTTPS, with validation at every step to guarantee reliable and secure operation.
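The Configuration and Validation phases can be sketched as follows. This is an added example, not code from the original plan. It relies on the fact that CloudFront stores ViewerProtocolPolicy per cache behavior, so it covers the default behavior and every path-pattern behavior. The function names and the sample JSON are constructed for illustration.

```python
import copy
import json

ALLOWED = {"redirect-to-https", "https-only"}  # the two policies the plan offers

# Constructed sample shaped like `aws cloudfront get-distribution-config --id <ID>`
# output, trimmed to the fields used here (real output carries many more).
SAMPLE = json.loads("""
{"ETag": "E2EXAMPLEETAG",
 "DistributionConfig": {
  "DefaultCacheBehavior": {"TargetOriginId": "o1", "ViewerProtocolPolicy": "allow-all"},
  "CacheBehaviors": {"Quantity": 2, "Items": [
    {"PathPattern": "/api/*", "TargetOriginId": "o1", "ViewerProtocolPolicy": "https-only"},
    {"PathPattern": "/static/*", "TargetOriginId": "o1", "ViewerProtocolPolicy": "allow-all"}]}}}
""")


def behaviors(config):
    """Yield (label, behavior) for the default and every path-pattern cache behavior."""
    yield "default", config["DefaultCacheBehavior"]
    # Items is absent when Quantity is 0
    for item in config.get("CacheBehaviors", {}).get("Items") or []:
        yield item["PathPattern"], item


def enforce_https(get_output, policy):
    """Return (etag, new_config, changed_labels); the input is not mutated."""
    if policy not in ALLOWED:
        raise ValueError(f"policy must be one of {sorted(ALLOWED)}")
    config = copy.deepcopy(get_output["DistributionConfig"])
    changed = []
    for label, behavior in behaviors(config):
        # Example's choice: only touch behaviors that still accept HTTP, so an
        # existing https-only behavior is left as it is.
        if behavior.get("ViewerProtocolPolicy") not in ALLOWED:
            behavior["ViewerProtocolPolicy"] = policy
            changed.append(label)
    return get_output["ETag"], config, changed


def http_allowed(config):
    """Validation step: labels of behaviors that would still serve plain HTTP."""
    return [l for l, b in behaviors(config) if b.get("ViewerProtocolPolicy") not in ALLOWED]


if __name__ == "__main__":
    etag, new_config, changed = enforce_https(SAMPLE, "redirect-to-https")
    print("ETag for --if-match:", etag, "| changed:", changed)
    print(json.dumps(new_config, indent=2))  # body for --distribution-config
```

Write the returned configuration to a file and pass it to `aws cloudfront update-distribution --id <ID> --if-match <ETag> --distribution-config file://<file>`. After re-fetching the configuration, `http_allowed` should return an empty list.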