API Gateway Without SSL Certificate

• Query id: f27791a5-e2ae-4905-8910-6f995c576d09
• Query name: API Gateway Without SSL Certificate
• Platform: Pulumi
• Severity: Medium
• Category: Insecure Configurations
• URL: Github

Description

SSL Client Certificate should be defined
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: aws:apigatewayv2:Stage
    properties:
      apiId: ${aws_apigatewayv2_api.example.id}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  example:
    type: aws:apigatewayv2:Stage
    properties:
      apiId: ${aws_apigatewayv2_api.example.id}
      clientCertificateId: 12131323a