💼 [AppSync.5] AWS AppSync GraphQL APIs should not be authenticated with API keys
- ID:
/frameworks/aws-fsbp-v1.0.0/appsync/05
Stats​
not available
Description​
An API key is a hard-coded value in your application that is generated by the AWS AppSync service when you create an unauthenticated GraphQL endpoint. If this API key is compromised, your endpoint is vulnerable to unintended access. Unless you are supporting a publicly accessible application or website, we don't recommend using an API key for authentication.
Similar​
- AWS Security Hub
- Internal
- ID:
dec-c-726a7099
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management | 4 | 32 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement | 15 | 6 | 66 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control | 36 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 27 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege | 10 | 23 | 78 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|