API Gateway Endpoint Config is Not Private
- Query id: 4a8daf95-709d-4a36-9132-d3e19878fa34
- Query name: API Gateway Endpoint Config is Not Private
- Platform: CloudFormation
- Severity: Medium
- Category: Networking and Firewall
- CWE: 668
- URL: Github
Description
The API Endpoint type in API Gateway should be set to PRIVATE so that it is not exposed to the public internet.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: myRestApi
  MyRestApi2:
    Type: AWS::ApiGateway::RestApi
    Properties:
      EndpointConfiguration:
        Types:
          - EDGE
      Name: myRestApi2
Positive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyRestApi": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Name": "myRestApi"
      }
    },
    "MyRestApi2": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "EndpointConfiguration": {
          "Types": [
            "EDGE"
          ]
        },
        "Name": "myRestApi2"
      }
    }
  }
}
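The check described above, written out as an added Python example (not part of the original page and not the query's own code). It runs over a constructed template holding the two flagged resources from the samples plus a hypothetical compliant resource, `MyPrivateApi`; the function name and reason strings are assumptions made for illustration.

```python
import json

# Constructed sample: the two flagged resources from the page plus one
# hypothetical compliant resource (MyPrivateApi) for contrast.
TEMPLATE = json.loads("""
{"Resources": {
  "MyRestApi":    {"Type": "AWS::ApiGateway::RestApi",
                   "Properties": {"Name": "myRestApi"}},
  "MyRestApi2":   {"Type": "AWS::ApiGateway::RestApi",
                   "Properties": {"EndpointConfiguration": {"Types": ["EDGE"]},
                                  "Name": "myRestApi2"}},
  "MyPrivateApi": {"Type": "AWS::ApiGateway::RestApi",
                   "Properties": {"EndpointConfiguration": {"Types": ["PRIVATE"]},
                                  "Name": "myPrivateApi"}}
}}
""")


def find_non_private_rest_apis(template):
    """Return {logical_id: reason} for RestApi resources whose endpoint type is not PRIVATE."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::ApiGateway::RestApi":
            continue
        props = res.get("Properties") or {}
        config = props.get("EndpointConfiguration")
        if not isinstance(config, dict) or "Types" not in config:
            # With no explicit type the API is created edge-optimized (EDGE).
            findings[name] = "EndpointConfiguration.Types is not set"
            continue
        types = config["Types"]
        if not isinstance(types, list):
            # e.g. an intrinsic function such as {"Ref": ...}; flag it for manual
            # review because the value cannot be resolved statically.
            findings[name] = "EndpointConfiguration.Types is not a literal list"
        elif "PRIVATE" not in types:
            findings[name] = "EndpointConfiguration.Types is %s" % types
    return findings


if __name__ == "__main__":
    for logical_id, reason in find_non_private_rest_apis(TEMPLATE).items():
        print(f"{logical_id}: {reason}")
```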