AWS Config
Developer Guide

cloudfront-viewer-policy-https

Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection). The rule is NON_COMPLIANT if the value of ViewerProtocolPolicy is set to allow-all for defaultCacheBehavior or for cacheBehaviors. This means that the rule is non compliant when viewers can use HTTP or HTTPS.

Identifier: CLOUDFRONT_VIEWER_POLICY_HTTPS

Trigger type: Configuration changes

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.