An API in API Gateway is considered compliant if its security authentication is set to JSON Web Token (JWT).
Scenarios
API Gateway uses JSON Web Token (JWT), a structured token, to implement a user-based authorization mechanism for API access, meeting custom security requirements.
Risk level
Default risk level: Medium.
You can change the risk level based on your business requirements.
Detection logic
-
An API in API Gateway is compliant if its security authentication is set to JWT.
-
An API in API Gateway is non-compliant if its security authentication is not set to JWT. To resolve this issue, see Remediation.
Rule details
|
Parameter |
Description |
|
Rule name |
Set API security authentication to JWT in API Gateway |
|
Rule identifier |
api-gateway-api-auth-jwt |
|
Tag |
ApiGateway, API |
|
Auto-remediation |
Not supported |
|
Trigger mechanism |
Periodic |
|
Trigger frequency |
24 hours |
|
Supported resource types |
API resources |
|
Input parameters |
None |
Remediation
Set the API security authentication to JWT. For more information, see JWT-based token authentication.