API Gateway Without SSL Certificate

  • Query id: b47b98ab-e481-4a82-8bb1-1ab39fd36e33
  • Query name: API Gateway Without SSL Certificate
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 295
  • URL: Github

Description

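SSL Client Certificate should be enabled. In the samples below, the vulnerable tasks either set validate_certs to no or leave it out, and the compliant tasks set validate_certs to yes.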

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: update API
  aws_api_gateway:
    api_id: 'abc123321cba'
    state: present
    swagger_file: my_api.yml
    validate_certs: no
- name: update API v1
  aws_api_gateway:
    api_id: 'abc123321cba'
    state: present
    swagger_file: my_api.yml
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present
    validate_certs: no
- name: Setup AWS API Gateway setup on AWS and deploy API definition v1
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: update API v2
  aws_api_gateway:
    api_id: abc123321cba
    state: present
    swagger_file: my_api.yml
    validate_certs: yes
- name: Setup AWS API Gateway setup on AWS and deploy API definition v2
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present
    validate_certs: yes
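
The check the samples above illustrate, written as an added Python example (not KICS's own query code). It assumes tasks arrive as a flat list of dicts, as yaml.safe_load() would return them, and that a task with no validate_certs key counts as a finding, as in the vulnerable samples; the names find_unvalidated, is_true and SAMPLE_TASKS are hypothetical.

```python
# Added example: flag aws_api_gateway tasks that do not set validate_certs to a true value.
# Assumption: a missing validate_certs key is a finding, as in the page's vulnerable samples.

MODULES = ("aws_api_gateway", "community.aws.aws_api_gateway")
TRUTHY = {"yes", "true", "on", "1", "y", "t"}  # string spellings Ansible accepts as true


def is_true(value):
    """Interpret a YAML/Ansible boolean; anything unrecognised counts as false."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def find_unvalidated(tasks):
    """Return (task name, reason) for every API Gateway task that fails the check."""
    findings = []
    for task in tasks:
        name = task.get("name", "<unnamed>")
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue  # task does not use this module
            if "validate_certs" not in args:
                findings.append((name, "validate_certs not set"))
            elif not is_true(args["validate_certs"]):
                findings.append((name, "validate_certs disabled"))
    return findings


# Constructed sample mirroring the page's tasks (PyYAML loads no/yes as False/True).
SAMPLE_TASKS = [
    {"name": "update API",
     "aws_api_gateway": {"api_id": "abc123321cba", "state": "present",
                         "swagger_file": "my_api.yml", "validate_certs": False}},
    {"name": "update API v1",
     "aws_api_gateway": {"api_id": "abc123321cba", "state": "present",
                         "swagger_file": "my_api.yml"}},
    {"name": "update API v2",
     "aws_api_gateway": {"api_id": "abc123321cba", "state": "present",
                         "swagger_file": "my_api.yml", "validate_certs": "yes"}},
    {"name": "deploy API definition v2",
     "community.aws.aws_api_gateway": {"swagger_file": "my_api.yml",
                                       "stage": "production", "validate_certs": True}},
]

if __name__ == "__main__":
    for task_name, reason in find_unvalidated(SAMPLE_TASKS):
        print(f"{task_name}: {reason}")
```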