All Products
Search
Document Center

Cloud Config:api-gateway-group-domain-access-waf

Last Updated:Jun 16, 2026

Evaluates whether an API group in API Gateway is bound to a custom domain name that is added to Web Application Firewall (WAF). The configuration is compliant if both conditions are met.

Scenarios

Add a custom domain name bound to an API group in API Gateway to WAF to protect the domain name.

Risk level

Default risk level: medium.

You can change the risk level when you configure this rule.

Compliance evaluation logic

  • If an API group in API Gateway is bound to a custom domain name and the domain name is added to WAF, the configuration is compliant.
  • If an API group in API Gateway is not bound to a custom domain name, the configuration is non-compliant. If an API group is bound to a custom domain name but the domain name is not added to WAF, the configuration is also non-compliant. For more information about how to remediate the non-compliant configuration, see Non-compliance remediation.

Rule details

Item Description
Rule name api-gateway-group-domain-access-waf
Rule ID api-gateway-group-domain-access-waf
Tag ApiGateway and ApiGroup
Automatic remediation Not supported
Trigger type Periodic execution
Time interval All day
Supported resource type Domain name
Input parameter None

Non-compliance remediation

Bind an API group to a custom domain name and add the domain name to WAF. For more information, see Configure WAF.