Don't allow HTTP access to CloudFront
You can configure one or more cache behaviors in your CloudFront distribution to require HTTPS for communication with CloudFront.
There are three policies for the viewer protocol : https and https
, redirect http to https
, and only https
.
The first one allows HTTP, which is not recommended for security reasons. Thus you should select the second or third option to always have safe communication. Be aware that there might be additional cache behaviors other than the default one.
Useful links
Source: AWS Documentation