turbot/steampipe-mod-aws-compliance

Control: API Gateway REST API endpoint type should be configured to private

Description

This control checks whether an API Gateway REST API endpoint is public or private. The rule is non-compliant if the endpoint is public.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.apigateway_rest_api_endpoint_restrict_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.apigateway_rest_api_endpoint_restrict_public_access --share

SQL

This control uses a named query:

select
  'arn:' || partition || ':apigateway:' || region || '::/apis/' || api_id as resource,
  case
    when endpoint_configuration_types ? 'PRIVATE' then 'ok'
    else 'alarm'
  end as status,
  case
    when endpoint_configuration_types ? 'PRIVATE' then name || ' not publicly accessible.'
    else name || ' publicly accessible.'
  end as reason,
  region,
  account_id
from
  aws_api_gateway_rest_api;
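
To see how the `?` test in the query above classifies each endpoint type, the same CASE expression can be run in plain PostgreSQL against constructed rows. This is an added example, not part of the mod; the CTE name `sample_rest_api` and the API names and IDs are made up for illustration.

```sql
-- Constructed rows standing in for aws_api_gateway_rest_api (not real resources).
with sample_rest_api (name, api_id, endpoint_configuration_types) as (
  values
    ('orders-internal', 'a1b2c3d4e5', '["PRIVATE"]'::jsonb),
    ('orders-regional', 'f6g7h8i9j0', '["REGIONAL"]'::jsonb),
    ('legacy-edge',     'k1l2m3n4o5', '["EDGE"]'::jsonb),
    -- Constructed edge case: the jsonb ? operator matches strings exactly,
    -- so a lowercase value does not satisfy ? 'PRIVATE'.
    ('lowercase-type',  'p6q7r8s9t0', '["private"]'::jsonb),
    -- Constructed edge case: a null column makes the ? test evaluate to null,
    -- so the CASE falls through to the else branch.
    ('no-config',       'u1v2w3x4y5', null::jsonb)
)
select
  name,
  endpoint_configuration_types,
  -- Raw result of the membership test, shown next to the status it drives.
  endpoint_configuration_types ? 'PRIVATE' as has_private,
  case
    when endpoint_configuration_types ? 'PRIVATE' then 'ok'
    else 'alarm'
  end as status
from
  sample_rest_api
order by
  name;
```

Only the row whose array contains the exact string `PRIVATE` is reported as `ok`; every other row, including the one with no endpoint configuration at all, is reported as `alarm`, so missing data is treated as non-compliant rather than silently passing.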

Tags