Evaluates whether an API group in API Gateway is bound to a custom domain name that is added to Web Application Firewall (WAF). The configuration is compliant if both conditions are met.
Scenarios
Add a custom domain name bound to an API group in API Gateway to WAF to protect the domain name.
Risk level
Default risk level: medium.
You can change the risk level when you configure this rule.
Compliance evaluation logic
- If an API group in API Gateway is bound to a custom domain name and the domain name is added to WAF, the configuration is compliant.
- If an API group in API Gateway is not bound to a custom domain name, the configuration is non-compliant. If an API group is bound to a custom domain name but the domain name is not added to WAF, the configuration is also non-compliant. For more information about how to remediate the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | api-gateway-group-domain-access-waf |
| Rule ID | api-gateway-group-domain-access-waf |
| Tag | ApiGateway and ApiGroup |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | All day |
| Supported resource type | Domain name |
| Input parameter | None |
Non-compliance remediation
Bind an API group to a custom domain name and add the domain name to WAF. For more information, see Configure WAF.