π AWS API Gateway REST API Stage is not associated with a WAF Web ACL π’
- Contextual name: π REST API Stage is not associated with a WAF Web ACL π’
- ID:
/ce/ca/aws/apigateway/rest-api-stage-waf-web-acl - Located in: π AWS API Gateway
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITY
Similar Policiesβ
- Internal
dec-x-bfdadcc4
Similar Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-bfdadcc4 | 1 |
Logicβ
- π§ prod.logic.yaml π’
Descriptionβ
Descriptionβ
Associate AWS API Gateway REST API stages with a WAF Web ACL to provide enhanced security against web application threats. AWS WAF is a web application firewall designed to block, allow, or count web requests based on customizable rules and security conditions that you define. Linking your API Gateway stage with an AWS WAF Web ACL helps safeguard your APIs from common exploits, such as SQL injection and cross-site scripting (XSS), and other malicious activities targeting your APIs.
Rationaleβ
Configuring AWS WAF Web ACLs for API Gateway stages improves overall security posture by implementing rule-based traffic filtering. This measure defends against automated attacks, unauthorized access, and other malicious web activities. It also enables security teams to monitor and audit traffic patterns, allowing proactive adjustments to security configurations. Without a WAF Web ACL in place, APIs are vulnerable to various attack vectors, which could lead to unauthorized access, data breaches, and disruption of services.
... see more
Remediationβ
Remediationβ
From Command Lineβ
Associate an AWS WAF Web ACL with an API Gateway API Stageβ
You can link an AWS WAF Web ACL to an API Gateway Stage by running the
associate-web-aclcommand:aws wafv2 associate-web-acl \
--web-acl-arn {{web-acl-arn}} \
--resource-arn {{api-gateway-stage-arn}}Replace
{{web-acl-arn}}with the ARN of your Web ACL and{{api-gateway-stage-arn}}with the ARN of your API Gateway Stage.