Serverless API Endpoint Config Not Private
- Query id: 4d424558-c6d1-453c-be98-9a7f877abd9a
- Query name: Serverless API Endpoint Config Not Private
- Platform: ServerlessFW
- Severity: Medium
- Category: Networking and Firewall
- CWE: 668
- URL: Github
Description
Serverless should have endpointType set to 'PRIVATE' so that the API endpoint is not exposed to the public internet.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yml file
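```yaml
service: my-service
frameworkVersion: '2'
provider:
  # endpointType is not set, so the API is deployed with the default, publicly reachable endpoint type
  name: aws
functions:
  hello:
    events:
      - http:
          path: user/create
          method: get
```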
Positive test num. 2 - yml file
```yaml
service: my-service
frameworkVersion: '2'
provider:
  name: aws
  # REGIONAL endpoints are still reachable from the public internet
  endpointType: REGIONAL
functions:
  hello:
    events:
      - http:
          path: user/create
          method: get
```
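A corrected counterpart to the two samples above, added here as an illustration and not taken from the query's own test files. The VPC endpoint ID is a placeholder, the handler name is hypothetical, and the resource policy is an assumed access model; it also assumes a framework release that accepts `provider.apiGateway.resourcePolicy`.

```yaml
service: my-service
frameworkVersion: '2'
provider:
  name: aws
  # PRIVATE makes the API reachable only through an interface VPC endpoint
  endpointType: PRIVATE
  # Placeholder ID (assumption): replace with your own execute-api VPC endpoint
  vpcEndpointIds:
    - vpce-0123456789abcdef0
  apiGateway:
    # A private API needs a resource policy before it can be invoked.
    # This policy (an assumed access model) admits only requests that
    # arrive through the VPC endpoint listed above.
    resourcePolicy:
      - Effect: Allow
        Principal: '*'
        Action: execute-api:Invoke
        Resource:
          - execute-api:/*/*/*
        Condition:
          StringEquals:
            aws:SourceVpce: vpce-0123456789abcdef0
functions:
  hello:
    handler: handler.hello  # hypothetical handler; the page's samples omit it
    events:
      - http:
          path: user/create
          method: get
```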