Checks whether an API group in API Gateway is bound to a custom domain name and whether an SSL certificate is configured for the custom domain name.
Scenarios
You can configure an SSL certificate for a custom domain name to encrypt information and data. This secures data transmission.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the API group in API Gateway is bound to a custom domain name and an SSL certificate is configured for the custom domain name, the evaluation result is compliant.
- If the API group in API Gateway is not bound to a custom domain name, or the API group is bound to a custom domain name but no SSL certificate is configured for the custom domain name, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | api-gateway-group-enabled-ssl |
| Rule ID | api-gateway-group-enabled-ssl |
| Tag | API Gateway and ApiGroup |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | API resource |
| Input parameter | None |
Non-compliance remediation
Configure an SSL certificate for the custom domain name. For more information, see Enable HTTPS for an API operation.