An API Gateway instance is compliant if IPv4 access control is enabled with a valid access control list.
Scenarios
Checks whether an API Gateway instance has IPv4 access control enabled with a valid access control list, preventing unauthorized IP access and improving API security.
Risk level
Default risk level: Medium.
You can change the risk level as needed.
Detection logic
-
An API Gateway instance is compliant if it has IPv4 access control enabled and a valid access control list is set.
Rule details
|
Parameter |
Description |
|
Rule name |
Enable IPv4 access control and set a valid access control list for an API Gateway instance |
|
Rule identifier |
|
|
Tag |
ApiGateway |
|
Automatic remediation |
Not supported |
|
Rule trigger |
Periodic |
|
Trigger frequency |
24 hours |
|
Supported resource types |
ACS::ApiGateway::Instance |
|
Input parameters |
None |
Remediation
To remediate a non-compliant resource, see Use instance access control policy groups to implement access control.