Evaluates whether the domain name bound to each API group in API Gateway is added to WAF or WAF 3.0. The evaluation result is Compliant if the domain name is added.
Scenarios
Adding the domain names bound to API groups to WAF provides comprehensive security protection, reduces malicious attacks and unauthorized access, enables real-time monitoring and logging, and ensures high availability and scalability of API operations.
Risk level
Default risk level: medium.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
-
If the domain name bound to each API group in API Gateway is added to WAF or WAF 3.0, the evaluation result is Compliant.
-
If the domain name bound to an API group in API Gateway is not added to WAF or WAF 3.0, the evaluation result is Non-compliant.
Rule details
|
Parameter |
Description |
|
Rule name |
api-gateway-group-domain-access-waf-or-waf3 |
|
Rule identifier |
|
|
Tag |
ApiGateway and ApiGroup |
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic execution |
|
Evaluation frequency |
Every 24 hours |
|
Supported resource type |
API groups |
|
Input parameter |
None |
Non-compliance remediation
Add the domain names bound to API groups in API Gateway to WAF or WAF 3.0. For more information, see Integrate WAF.