API Gateway Does Not Have WAF ACL Attached

Overview

Checks whether an API Gateway stage has an AWS WAF web ACL attached. AWS supports protecting API Gateway stages with AWS WAF, which is especially important for Internet-accessible API endpoints. If you protect your API Gateway with another mechanism, such as a different cloud-based WAF, create an exemption for it.
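The logic of this check, as an added example that is not the vendor's implementation: it flags stages whose Stage object carries no `webAclArn` and skips exempted ones. The function name, the `restApiId/stageName` exemption format and all IDs and ARNs are assumptions constructed for illustration.

```python
# Added example: evaluate stages in the shape of the API Gateway Stage object.
# All IDs, ARNs and exemptions below are constructed sample values.

def find_unprotected_stages(apis, exemptions=frozenset()):
    """Return sorted "restApiId/stageName" findings for stages with no WAF web ACL.

    apis: {rest_api_id: [stage dicts]}; each stage dict follows the
          API Gateway Stage object (stageName, optional webAclArn).
    exemptions: "restApiId/stageName" or "restApiId/*" entries for stages
          protected by another mechanism (assumed exemption format).
    """
    findings = []
    for api_id, stages in apis.items():
        for stage in stages:
            key = f"{api_id}/{stage['stageName']}"
            if key in exemptions or f"{api_id}/*" in exemptions:
                continue
            # webAclArn is absent (or empty) when no web ACL is associated.
            if not (stage.get("webAclArn") or "").strip():
                findings.append(key)
    return sorted(findings)


SAMPLE_APIS = {
    "a1b2c3d4e5": [
        {"stageName": "prod",
         "webAclArn": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/"
                      "example-acl/00000000-0000-0000-0000-000000000000"},
        {"stageName": "dev"},                      # no web ACL: finding
    ],
    "f6g7h8i9j0": [{"stageName": "prod", "webAclArn": ""}],  # empty: finding
    "k1l2m3n4o5": [{"stageName": "v1"}],           # exempted below
}
SAMPLE_EXEMPTIONS = frozenset({"k1l2m3n4o5/*"})

if __name__ == "__main__":
    for finding in find_unprotected_stages(SAMPLE_APIS, SAMPLE_EXEMPTIONS):
        print("FAIL no WAF web ACL attached:", finding)
```

Against a live account, the same dictionaries can be built from boto3's `apigateway` client using `get_rest_apis` and `get_stages(restApiId=...)`, whose `item` list holds the Stage objects.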

Vendor

AWS

Cloud Service

API Gateway

APIGateway.4, CSMM v1 APP-03.3

References

https://docs.aws.amazon.com/securityhub/latest/userguide/account-controls.html#apigateway.4
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html#:~:text=Associate%20an%20AWS%20WAF%20regional%20web%20ACL%20with%20an%20API%20stage%20using%20the%20AWS%20WAF%20REST%20API
https://docs.aws.amazon.com/apigateway/latest/api/API_RestApi.html
https://docs.aws.amazon.com/apigateway/latest/api/API_Stage.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/security-monitoring.html

Severity

3

Item Types

AWS::ApiGateway::RestApi