API Gateway without WAF
- Query id: f5f38943-664b-4acc-ab11-f292fa10ed0b
- Query name: API Gateway without WAF
- Platform: Ansible
- Severity: Medium
- Category: Networking and Firewall
- CWE: 778
- URL: Github
Description
API Gateway should have a WAF (Web Application Firewall) enabled.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
- name: add test alb to waf string032
  community.aws.wafv2_resources:
    name: string03
    scope: REGIONAL
    state: present
    # WAF is attached to stage "prod", not the "production" stage deployed below
    arn: "arn:aws:apigateway:region::/restapis/api-id/stages/prod"
- name: Setup AWS API Gateway setup on AWS and deploy API definition2
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: add test alb to waf string03
  community.aws.wafv2_resources:
    name: string03
    scope: REGIONAL
    state: present
    # ARN stage matches the "produ" stage deployed below
    arn: "arn:aws:apigateway:region::/restapis/api-id/stages/produ"
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: produ
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present
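
The two samples differ only in whether the stage at the end of the `wafv2_resources` ARN matches the `stage` of the `aws_api_gateway` task. The Python sketch below is an added example, not the KICS query or code from the project; it applies that comparison to constructed task lists shaped like the samples. Its function names, the ARN parsing, and the assumption that an omitted `state` means `present` are all hypothetical choices made for illustration.

```python
# Added example: flags aws_api_gateway tasks whose stage has no WAFv2 association
# in the same task list. Function names are hypothetical; this is not the KICS query.
GATEWAY_MODULES = ("community.aws.aws_api_gateway", "aws_api_gateway")
WAF_MODULES = ("community.aws.wafv2_resources", "wafv2_resources")

def module_args(task, modules):
    """Return the argument dict of the first matching module in a task, or None."""
    for name in modules:
        if isinstance(task.get(name), dict):
            return task[name]
    return None

def waf_protected_stages(tasks):
    """Collect stage names from API Gateway stage ARNs that a WAF is attached to."""
    stages = set()
    for task in tasks:
        args = module_args(task, WAF_MODULES)
        # Assumption: an omitted state is treated as "present".
        if not args or args.get("state", "present") != "present":
            continue
        parts = str(args.get("arn", "")).split(":", 5)
        if len(parts) != 6 or parts[2] != "apigateway":
            continue
        # Resource part looks like /restapis/<api-id>/stages/<stage>
        res = parts[5].split("/")
        if len(res) == 5 and res[1] == "restapis" and res[3] == "stages":
            stages.add(res[4])
    return stages

def gateways_without_waf(tasks):
    """Return names of API Gateway tasks whose stage has no matching WAF ARN."""
    protected = waf_protected_stages(tasks)
    findings = []
    for task in tasks:
        args = module_args(task, GATEWAY_MODULES)
        if args and args.get("state", "present") == "present":
            if args.get("stage") not in protected:
                findings.append(task.get("name", "<unnamed>"))
    return findings

def sample(arn_stage, gw_stage):
    """Constructed task list shaped like the page's samples."""
    arn = "arn:aws:apigateway:region::/restapis/api-id/stages/" + arn_stage
    return [
        {"name": "waf", "community.aws.wafv2_resources":
            {"name": "string03", "scope": "REGIONAL", "state": "present", "arn": arn}},
        {"name": "gateway", "community.aws.aws_api_gateway":
            {"swagger_file": "my_api.yml", "stage": gw_stage, "state": "present"}},
    ]
```

`gateways_without_waf(sample("prod", "production"))` reports the gateway task, while `sample("produ", "produ")` yields no findings.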