💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys

Contextual name: 💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys
ID: /frameworks/aws-fsbp-v1.0.0/appsync/05
Located in: 💼 AppSync

Description

An API key is a hard-coded value in your application that is generated by the AWS AppSync service when you create an unauthenticated GraphQL endpoint. If this API key is compromised, your endpoint is vulnerable to unintended access. Unless you are supporting a publicly accessible application or website, we don't recommend using an API key for authentication.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/appsync-controls.html#appsync-5
Internal
- ID: dec-c-726a7099

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management		4	16
💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement	15	4	17
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control			7
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control			10
💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege	10	21	26

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections