API Gateway Without Security Policy
- Query id: 4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b
- Query name: API Gateway Without Security Policy
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 326
- URL: Github
Description¶
API Gateway should have a Security Policy defined and use TLS 1.2.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_api_gateway_domain_name" "example" {
domain_name = "api.example.com"
}
Positive test num. 2 - tf file
resource "aws_api_gateway_domain_name" "example2" {
domain_name = "api.example.com"
security_policy = "TLS_1_0"
}