Checks whether HTTPS force redirect is enabled for all public independent domains in an API Gateway group. The group is compliant if all public independent domains have HTTPS force redirect enabled. If no independent domains exist in the group, the rule is not applicable.
Scenarios
Verifies that all public independent domains in an API Gateway group have HTTPS force redirect enabled, ensuring secure communication for external services.
Risk level
Default risk level: High.
You can change the risk level as needed.
Detection logic
-
Checks whether HTTPS force redirect is enabled for all public independent domains in an API Gateway group. The group is compliant if all public independent domains have HTTPS force redirect enabled. If no independent domains exist in the group, the rule is not applicable.
Rule details
|
Parameter |
Description |
|
Rule name |
Enable HTTPS force redirect for independent domains in API groups |
|
Rule identifier |
|
|
Tag |
ApiGroup |
|
Automatic remediation |
Not supported |
|
Rule trigger mechanism |
Configuration changes |
|
Supported resource types |
ACS::ApiGateway::ApiGroup |
|
Input parameters |
None |