Description:

You can configure CloudFront to return a specific object (the default root object) when a user requests the root URL for your distribution instead of requesting an object in your distribution. Specifying a default root object lets you avoid exposing the contents of your distribution.

Rationale:

The behavior of CloudFront default root objects is different from the behavior of Amazon S3 index documents. When you configure an Amazon S3 bucket as a website and specify the index document, Amazon S3 returns the index document even if a user requests a subdirectory in the bucket.

Impact:

Using the AWS CloudFront CDN service can have a significant impact on the performance, security, reliability, and availability of the content delivery process for your websites and applications. CloudFront has several advantages over other Content Delivery Network providers: it is fast, using a global network of 59 edge locations to cache and deliver copies of your static content close to users with minimal latency; it is secure, enforcing HTTPS connections between the service edge locations and your origin server; and it can be integrated with AWS WAF.

Default Value:

By default, the distribution state is Enabled.

Pre-Requisite:

  1. Upload the default root object to the origin that your distribution points to.

  2. Confirm that the permissions for the object grant CloudFront at least read access.

  3. Update your distribution to refer to the default root object using the CloudFront console or API.

Remediation:

To avoid exposing the contents of your distribution or returning an error, specify a default root object for your distribution by completing the implementation steps below.


Test Plan:

  1. Sign in to the AWS Management Console.

  2. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home.

  3. In the left navigation panel, click Distributions.

  4. Go to the General tab and scroll down to find the default root object. If no object is defined, follow the implementation steps.

Using AWS CLI: 

aws cloudfront get-distribution-config --id EDFDVBD6EXAMPLE

If the output contains

 "DefaultRootObject": 

with no value set, then follow the implementation steps.
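The check above can be scripted. The following is an added example, not part of the original control: it evaluates saved output of the get-distribution-config command and also flags a leading "/" as described in the note in the implementation steps. The sample JSON is constructed and trimmed, the function names are hypothetical, and only the ID EDFDVBD6EXAMPLE comes from this page.

```python
import json

# Constructed, trimmed samples of `aws cloudfront get-distribution-config` output.
# Only EDFDVBD6EXAMPLE appears on this page; the other IDs are made up.
SAMPLE_OUTPUTS = {
    "EDFDVBD6EXAMPLE": '{"ETag": "E2EXAMPLE", "DistributionConfig": '
                       '{"DefaultRootObject": "", "Enabled": true}}',
    "E1CONSTRUCTED1": '{"ETag": "E3EXAMPLE", "DistributionConfig": '
                      '{"DefaultRootObject": "index.html", "Enabled": true}}',
    "E2CONSTRUCTED2": '{"ETag": "E4EXAMPLE", "DistributionConfig": '
                      '{"DefaultRootObject": "/index.html", "Enabled": true}}',
}


def check_default_root_object(cli_output):
    """Return (status, detail) for one get-distribution-config JSON document."""
    try:
        doc = json.loads(cli_output)
    except json.JSONDecodeError:
        return "ERROR", "output is not valid JSON"
    config = doc.get("DistributionConfig") if isinstance(doc, dict) else None
    if not isinstance(config, dict):
        return "ERROR", "no DistributionConfig section in the output"
    value = config.get("DefaultRootObject") or ""
    if not isinstance(value, str) or not value.strip():
        return "FAIL", "no default root object is defined"
    if value.startswith("/"):
        # Per the note in the implementation steps: object name only, no leading "/".
        return "FAIL", f"{value!r} starts with '/'; use the object name only"
    return "PASS", f"default root object is {value!r}"


def audit(outputs):
    """Map each distribution ID to its (status, detail) result."""
    return {dist_id: check_default_root_object(raw) for dist_id, raw in outputs.items()}


if __name__ == "__main__":
    for dist_id, (status, detail) in audit(SAMPLE_OUTPUTS).items():
        print(f"{dist_id}: {status} - {detail}")
```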

Implementation Steps:

To specify a default root object using the CloudFront console:

  1. Sign in to the AWS Management Console.

  2. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home.

  3. In the left navigation panel, click Distributions.

  4. In the General tab, click Edit.

  5. In the Edit Distribution dialog box, in the Default Root Object field, enter the file name of the default root object.

    Note: Enter only the object name, for example, index.html. Do not add a / before the object name.

  6. To save your changes, choose Yes, Edit.

  7. Confirm that you have enabled the default root object by requesting your root URL.

Using AWS CLI:

aws cloudfront update-distribution --id EDFDVBD6EXAMPLE \
--default-root-object index.html


Back out Plan:

To revoke or change the setting, open the distribution settings, select Edit, and remove the configuration in that section.

Reference:

Values that you specify when you create or update a distribution - Amazon CloudFront 

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html#DefaultRootObjectHowToDefine