Checks whether the security authentication method of an API in API Gateway is set to an Alibaba Cloud application or a specific type of plug-in.
Scenarios
You can configure a proper security authentication method for an API in API Gateway to reduce business security risks.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the security authentication method of the API in API Gateway is set to an Alibaba Cloud application or a specific type of plug-in, the evaluation result is compliant.
- If the security authentication method of the API in API Gateway is not set to an Alibaba Cloud application or a specific type of plug-in, the evaluation result is non-compliant.
Rule details
| Item | Description |
|---|---|
| Rule name | api-gateway-api-auth-required |
| Rule ID | api-gateway-api-auth-required |
| Tag | API and ApiGateway |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | API resource |
| Input parameter | PluginType |