fix(cloudfront_distributions_https_enabled): Add default case (#2329)

Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
2026-02-10 23:05:05 +00:00 · 2023-05-09 11:09:18 +02:00
parent cba2ee3622
commit 3244123b21
2 changed files with 7 additions and 9 deletions
--- a/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.py
@@ -16,14 +16,8 @@ class cloudfront_distributions_https_enabled(Check):
            report.resource_arn = distribution.arn
            report.resource_id = distribution.id
            report.resource_tags = distribution.tags
+
            if (
-                distribution.default_cache_config
-                and distribution.default_cache_config.viewer_protocol_policy
-                == ViewerProtocolPolicy.allow_all
-            ):
-                report.status = "FAIL"
-                report.status_extended = f"CloudFront Distribution {distribution.id} viewers can use HTTP or HTTPS"
-            elif (
                distribution.default_cache_config
                and distribution.default_cache_config.viewer_protocol_policy
                == ViewerProtocolPolicy.redirect_to_https
@@ -41,6 +35,10 @@ class cloudfront_distributions_https_enabled(Check):
                report.status_extended = (
                    f"CloudFront Distribution {distribution.id} has HTTPS only"
                )
+            else:
+                report.status = "FAIL"
+                report.status_extended = f"CloudFront Distribution {distribution.id} viewers can use HTTP or HTTPS"
+
            findings.append(report)

        return findings
--- a/prowler/providers/aws/services/cloudfront/cloudfront_service.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_service.py
@@ -83,7 +83,7 @@ class CloudFront:
                ]["WebACLId"]

                # Default Cache Config
-                default_chache_config = DefaultCacheConfigBehaviour(
+                default_cache_config = DefaultCacheConfigBehaviour(
                    realtime_log_config_arn=distribution_config["DistributionConfig"][
                        "DefaultCacheBehavior"
                    ].get("RealtimeLogConfigArn"),
@@ -96,7 +96,7 @@ class CloudFront:
                )
                distributions[
                    distribution_id
-                ].default_cache_config = default_chache_config
+                ].default_cache_config = default_cache_config

        except Exception as error:
            logger.error(