If the request method of a publicly accessible API in API Gateway is set to HTTPS, the API is considered compliant.
Scenarios
Setting the API request method to HTTPS encrypts transmitted data and helps ensure secure communication.
Risk level
Default risk level: High.
You can change the risk level for this rule as needed.
Detection logic
-
If the request method of a publicly accessible API in API Gateway is set to HTTPS, the API is compliant.
-
If the request method of a publicly accessible API in API Gateway is not set to HTTPS, the API is non-compliant. For more information, see Corrective actions.
-
This rule does not apply to APIs restricted to internal network calls. Such APIs are marked as inapplicable.
Rule details
|
Parameter |
Description |
|
Rule name |
API requests for publicly accessible APIs in API Gateway use HTTPS |
|
Rule identifier |
api-gateway-api-internet-request-https |
|
Tag |
ApiGateway, API |
|
Automatic remediation |
Not supported |
|
Rule trigger mechanism |
Configuration changes |
|
Supported resource types |
API resources |
|
Rule parameters |
None |
Corrective actions
Enable HTTPS for API requests. For more information, see Support HTTPS.