Benchmark: API Gateway
Overview
This section contains recommendations for configuring API Gateway resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select API Gateway.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_apigateway
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.foundational_security_apigateway --share
Controls
- 1 API Gateway REST and WebSocket API logging should be enabled
- 2 API Gateway REST API stages should be configured to use SSL certificates for backend authentication
- 3 API Gateway REST API stages should have AWS X-Ray tracing enabled
- 4 API Gateway should be associated with an AWS WAF web ACL
- 5 API Gateway REST API cache data should be encrypted at rest
- 8 API Gateway routes should specify an authorization type
- 9 Access logging should be configured for API Gateway V2 Stages