API Gateway Endpoint Config is Not Private
- Query id: 6b2739db-9c49-4db7-b980-7816e0c248c1
- Query name: API Gateway Endpoint Config is Not Private
- Platform: Terraform
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
The API Endpoint type in API Gateway should be set to PRIVATE so it's not exposed to the public internet
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_api_gateway_rest_api" "positive1" {
name = "regional-example"
endpoint_configuration {
types = ["REGIONAL"]
}
}