API Gateway Cache Encrypted Disabled
- Query id: 37cca703-b74c-48ba-ac81-595b53398e9b
- Query name: API Gateway Cache Encrypted Disabled
- Platform: CloudFormation
- Severity: High
- Category: Encryption
- CWE: 316
- URL: Github
Description¶
'API::Gateway::Deployment' should have 'CacheDataEncrypted' enabled when 'CachingEnabled' is set to true
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
Resources:
Deployment:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyApi
Description: My deployment
StageName: DummyStage
StageDescription:
CachingEnabled: true
Positive test num. 2 - json file
{
"Resources": {
"Deployment": {
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": {
"Ref": "MyApi"
},
"Description": "My deployment",
"StageName": "DummyStage",
"StageDescription": {
"CachingEnabled": true
}
}
}
}
}
Positive test num. 3 - yaml file
Resources:
Deployment:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyApi
Description: My deployment
StageName: DummyStage
StageDescription:
CacheDataEncrypted: false
CachingEnabled: true