feat(cloudfront): Ensure Cloudfront distributions have origin failover configured

Open HugoPBrito opened this issue 1 year ago • 1 comments

Context

This check ensures that Amazon CloudFront distributions have origin failover configured to enhance availability. This PR uses code from PR-4867.

Description

The check verifies that CloudFront distributions use an origin group with multiple origins (2 at least). Origin failover helps maintain high availability by redirecting traffic to a secondary origin if the primary origin fails.

Checklist

  • Are there new checks included in this PR? Yes
    • If so, do we need to update permissions for the provider? I do not think so
  • [x] Review if the code is being covered by tests.
  • [x] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

HugoPBrito avatar Aug 26 '24 18:08 HugoPBrito

Codecov Report

Attention: Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 89.03%. Comparing base (600a8c7) to head (bab5ec4). Report is 1240 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4868      +/-   ##
==========================================
+ Coverage   88.94%   89.03%   +0.09%     
==========================================
  Files         956      966      +10     
  Lines       29315    29547     +232     
==========================================
+ Hits        26073    26307     +234     
+ Misses       3242     3240       -2     
Components Coverage Δ
prowler 89.03% <90.00%> (+0.09%) :arrow_up:
api ∅ <ø> (∅)

codecov[bot] avatar Aug 26 '24 19:08 codecov[bot]

After conducting more extensive research, I discovered that while CloudFront distributions can have more than two origins, only two can be configured simultaneously. The new logic leverages this restriction to set a boolean, resulting in a more streamlined, simple, yet effective service structure and check logic.

HugoPBrito avatar Sep 02 '24 11:09 HugoPBrito
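
An added example, not Prowler's code and not taken from this PR: a stand-alone version of the check described in this thread, run against constructed DistributionConfig dictionaries shaped like the CloudFront GetDistributionConfig response. It goes one step beyond the PR's check by also listing cache behaviors whose TargetOriginId is not an origin group, since failover only applies to behaviors that target the group; the function names and sample IDs are assumptions.

```python
# Added example: names and sample data are constructed, not Prowler's code.
# Input is a DistributionConfig dict shaped like the CloudFront
# GetDistributionConfig response.

def items(container):
    """CloudFront list wrappers omit "Items" when Quantity is 0."""
    return (container or {}).get("Items") or []

def failover_groups(config):
    """IDs of origin groups that have at least two member origins."""
    return {
        g["Id"] for g in items(config.get("OriginGroups"))
        if len(items(g.get("Members"))) >= 2
    }

def check_origin_failover(config):
    """Return (status, behaviors_without_failover) for one distribution."""
    groups = failover_groups(config)
    behaviors = [("default", config["DefaultCacheBehavior"])]
    behaviors += [(b["PathPattern"], b) for b in items(config.get("CacheBehaviors"))]
    # Beyond the PR's check: failover only applies to a cache behavior
    # whose TargetOriginId is the Id of an origin group.
    uncovered = [name for name, b in behaviors if b["TargetOriginId"] not in groups]
    return ("PASS" if groups else "FAIL"), uncovered

# Constructed sample: one origin group, but /api/* bypasses it.
WITH_GROUP = {
    "OriginGroups": {"Quantity": 1, "Items": [{
        "Id": "group-1",
        "FailoverCriteria": {"StatusCodes": {"Quantity": 2, "Items": [500, 503]}},
        "Members": {"Quantity": 2, "Items": [
            {"OriginId": "primary-s3"}, {"OriginId": "backup-s3"}]},
    }]},
    "DefaultCacheBehavior": {"TargetOriginId": "group-1"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "primary-s3"}]},
}
# Constructed sample: single origin, no origin group.
NO_GROUP = {
    "OriginGroups": {"Quantity": 0},
    "DefaultCacheBehavior": {"TargetOriginId": "primary-s3"},
    "CacheBehaviors": {"Quantity": 0},
}

if __name__ == "__main__":
    for name, cfg in (("with-group", WITH_GROUP), ("no-group", NO_GROUP)):
        print(name, check_origin_failover(cfg))
```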