API Gateway Endpoint Config is Not Private

  • Query id: 6b2739db-9c49-4db7-b980-7816e0c248c1
  • Query name: API Gateway Endpoint Config is Not Private
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

The API Endpoint type in API Gateway should be set to PRIVATE so it's not exposed to the public internet
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file
resource "aws_api_gateway_rest_api" "positive1" {
  name = "regional-example"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_api_gateway_rest_api" "negative1" {
  name = "regional-example"

  endpoint_configuration {
    types = ["PRIVATE"]
  }
}