API Gateway without WAF

• Query id: f5f38943-664b-4acc-ab11-f292fa10ed0b
• Query name: API Gateway without WAF
• Platform: Ansible
• Severity: Medium
• Category: Networking and Firewall
• URL: Github

Description

API Gateway should have WAF (Web Application Firewall) enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: add test alb to waf string032
  community.aws.wafv2_resources:
    name: string03
    scope: REGIONAL
    state: present
    arn: "arn:aws:apigateway:region::/restapis/api-id/stages/prod"
- name: Setup AWS API Gateway setup on AWS and deploy API definition2
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: add test alb to waf string03
  community.aws.wafv2_resources:
    name: string03
    scope: REGIONAL
    state: present
    arn: "arn:aws:apigateway:region::/restapis/api-id/stages/produ"
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.aws_api_gateway:
    swagger_file: my_api.yml
    stage: produ
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present