Benchmark: API Gateway
Description
This section contains recommendations for configuring API Gateway resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select API Gateway.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.all_controls_apigatewaySnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.all_controls_apigateway --shareControls
- API Gateway methods authorizer should be configured
- API Gateway methods request parameter should be validated
- API Gateway REST API public endpoints should be configured with authorizer
- API Gateway routes should specify an authorization type
- API Gateway V2 authorizer should be configured
- API Gateway stages should have authorizers configured
- API Gateway REST API endpoint type should be configured to private
- API Gateway stage should uses SSL certificate
- API Gateway REST API stages should have AWS X-Ray tracing enabled
- API Gateway stage cache encryption at rest should be enabled
- API Gateway stage logging should be enabled
- API Gateway stage should be associated with waf
- Access logging should be configured for API Gateway V2 Stages