All Products
Search
Document Center

Cloud Config:api-gateway-group-domain-access-waf-or-waf3

Last Updated:Jun 23, 2026

Evaluates whether the domain name bound to each API group in API Gateway is added to WAF or WAF 3.0. The evaluation result is Compliant if the domain name is added.

Scenarios

Adding the domain names bound to API groups to WAF provides comprehensive security protection, reduces malicious attacks and unauthorized access, enables real-time monitoring and logging, and ensures high availability and scalability of API operations.

Risk level

Default risk level: medium.

You can change the risk level based on your business requirements when you apply this rule.

Compliance evaluation logic

  • If the domain name bound to each API group in API Gateway is added to WAF or WAF 3.0, the evaluation result is Compliant.

  • If the domain name bound to an API group in API Gateway is not added to WAF or WAF 3.0, the evaluation result is Non-compliant.

Rule details

Parameter

Description

Rule name

api-gateway-group-domain-access-waf-or-waf3

Rule identifier

api-gateway-group-domain-access-waf-or-waf3

Tag

ApiGateway and ApiGroup

Automatic remediation

Not supported

Trigger type

Periodic execution

Evaluation frequency

Every 24 hours

Supported resource type

API groups

Input parameter

None

Non-compliance remediation

Add the domain names bound to API groups in API Gateway to WAF or WAF 3.0. For more information, see Integrate WAF.