cloudfront-traffic-to-origin-encrypted - AWS Config
AWS CloudFormation template

cloudfront-traffic-to-origin-encrypted

Checks if Amazon CloudFront distributions are encrypting traffic to custom origins. The rule is NON_COMPLIANT if ‘OriginProtocolPolicy’ is ‘http-only’ or if ‘OriginProtocolPolicy’ is ‘match-viewer’ and ‘ViewerProtocolPolicy’ is ‘allow-all’.

Identifier: CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED

Resource Types: AWS::CloudFront::Distribution

Trigger type: Configuration changes

AWS Region: Only available in US East (N. Virginia) Region

Parameters:

None

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.