Amazon CloudFront is a content delivery network (CDN) service provided by Amazon Web Services that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. CloudFront uses SSL/TLS certificates to protect data in transit between clients and CloudFront edge locations.
The AWS CloudFront Plugin is a discovery tool that connects to your AWS account to scan and extract certificate information from CloudFront distributions. It retrieves certificates deployed on CloudFront distributions along with their configuration context, validates certificate formats according to RFC 7468 standards, and exports certificate data in a standardized format for certificate inventory and compliance management purposes.
Features
- Certificate Discovery: Scans and discovers all certificates deployed on CloudFront distributions
- Distribution Context: Provides CloudFront distribution configuration context for each certificate (domain names, origins, cache behaviors)
- RFC 7468 Compliance: Ensures extracted certificate data conforms to RFC 7468 PEM encoding standards
- Flexible Authentication: Supports both permanent IAM credentials and temporary session tokens
- Multi-Region Support: Can scan CloudFront distributions from any AWS region
- Standardized Output: Generates certificate scan results in consistent JSON format with URN generation
- Comprehensive Validation: Includes configuration validation and schema generation
- Security-First Design: Handles sensitive credentials securely with masked input fields
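As an illustration of the RFC 7468 check listed above, the following is an added example, not the plugin's own code. It applies the RFC's strict textual syntax to a `CERTIFICATE` block; the names `to_pem` and `rfc7468_problems` are hypothetical and the sample DER bytes are a constructed placeholder.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

# Constructed placeholder: a DER SEQUENCE header plus zero bytes, not a real certificate.
SAMPLE_DER = b"\x30\x62" + bytes(98)


def to_pem(der: bytes) -> str:
    """Wrap DER bytes the way RFC 7468 generators must: 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def rfc7468_problems(text: str) -> list[str]:
    """Return the strict-syntax violations found; an empty list means it passes."""
    lines = text.splitlines()  # accepts LF, CRLF and CR line endings
    if not lines or lines[0] != BEGIN:
        return ["missing or malformed BEGIN line"]
    if lines[-1] != END:
        return ["missing or mismatched END line"]
    body = lines[1:-1]
    if not body:
        return ["empty base64 body"]
    problems = []
    for number, line in enumerate(body, start=2):
        final = number == len(lines) - 1
        if not B64_LINE.fullmatch(line):
            problems.append(f"line {number}: not a clean base64 line")
        elif not final and (len(line) != 64 or line.endswith("=")):
            problems.append(f"line {number}: non-final lines must be 64 unpadded characters")
        elif final and (len(line) > 64 or len(line) % 4):
            problems.append(f"line {number}: bad final line length")
    if problems:
        return problems
    try:
        der = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        return [f"base64 decode failed: {exc}"]
    # Beyond the text encoding: a certificate is a DER SEQUENCE (tag 0x30).
    return [] if der[:1] == b"\x30" else ["payload is not a DER SEQUENCE"]
```

The strict form rejects inputs that lax parsers accept, such as unwrapped base64 or indented lines, which is useful when the exported inventory must be byte-for-byte predictable.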