All Products
Search
Document Center

Cloud Config:API requests for publicly accessible APIs in API Gateway use HTTPS

Last Updated:Jun 16, 2026

If the request method of a publicly accessible API in API Gateway is set to HTTPS, the API is considered compliant.

Scenarios

Setting the API request method to HTTPS encrypts transmitted data and helps ensure secure communication.

Risk level

Default risk level: High.

You can change the risk level for this rule as needed.

Detection logic

  • If the request method of a publicly accessible API in API Gateway is set to HTTPS, the API is compliant.

  • If the request method of a publicly accessible API in API Gateway is not set to HTTPS, the API is non-compliant. For more information, see Corrective actions.

  • This rule does not apply to APIs restricted to internal network calls. Such APIs are marked as inapplicable.

Rule details

Parameter

Description

Rule name

API requests for publicly accessible APIs in API Gateway use HTTPS

Rule identifier

api-gateway-api-internet-request-https

Tag

ApiGateway, API

Automatic remediation

Not supported

Rule trigger mechanism

Configuration changes

Supported resource types

API resources

Rule parameters

None

Corrective actions

Enable HTTPS for API requests. For more information, see Support HTTPS.