API Gateway Endpoint Config is Not Private

  • Query id: 559439b2-3e9c-4739-ac46-17e3b24ec215
  • Query name: API Gateway Endpoint Config is Not Private
  • Platform: Ansible
  • Severity: Medium
  • Category: Networking and Firewall
  • CWE: 285
  • URL: Github

Description

The API endpoint type in API Gateway should be set to PRIVATE so that the API is not exposed to the public internet.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: PRIVATE
    state: present
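
The check described above can be sketched as follows. This is an added example, not the query's own code or anything from the project. It assumes the playbook tasks have already been parsed from YAML into Python lists and dicts, that the short module name `aws_api_gateway` is also in use, and that an omitted `endpoint_type` falls back to the module default of EDGE. The function name and sample tasks are constructed for illustration.

```python
# Added example: static check over Ansible tasks already parsed from YAML
# (for instance with yaml.safe_load). Not the scanner's own query.
MODULES = {"community.aws.aws_api_gateway", "aws_api_gateway"}
NESTED = ("block", "rescue", "always")  # Ansible keywords that hold nested task lists


def find_non_private(tasks, path="tasks"):
    """Return (location, task name, effective endpoint_type) for each non-private API."""
    findings = []
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        # Recurse into block/rescue/always so nested tasks are not missed.
        for key in NESTED:
            if isinstance(task.get(key), list):
                findings += find_non_private(task[key], f"{here}.{key}")
        for module in MODULES & task.keys():
            args = task[module] if isinstance(task[module], dict) else {}
            if args.get("state", "present") == "absent":
                continue  # the task removes the API, so nothing is exposed
            # Assumption: an omitted endpoint_type means the module default, EDGE.
            endpoint = str(args.get("endpoint_type", "EDGE")).upper()
            if endpoint != "PRIVATE":
                findings.append((here, task.get("name", "<unnamed>"), endpoint))
    return findings


# Constructed sample tasks, modelled on the page's positive and negative tests.
SAMPLE_TASKS = [
    {"name": "edge api", "community.aws.aws_api_gateway": {
        "swagger_file": "my_api.yml", "stage": "production",
        "endpoint_type": "EDGE", "state": "present"}},
    {"name": "private api", "community.aws.aws_api_gateway": {
        "swagger_file": "my_api.yml", "stage": "production",
        "endpoint_type": "PRIVATE", "state": "present"}},
    {"name": "wrapper", "block": [
        {"name": "default endpoint", "aws_api_gateway": {
            "swagger_file": "my_api.yml", "stage": "dev"}}]},
]

if __name__ == "__main__":
    for location, name, endpoint in find_non_private(SAMPLE_TASKS):
        print(f"{location}: '{name}' uses endpoint_type={endpoint}, expected PRIVATE")
```

A templated value such as `"{{ api_endpoint_type }}"` is reported as non-private because it cannot be resolved statically; review those findings against the variable's actual value.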