Benchmark: API Gateway
Description
This benchmark provides a set of controls that detect Terraform AWS API Gateway resources deviating from security best practices.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-terraform-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select API Gateway.
Run this benchmark in your terminal:
powerpipe benchmark run terraform_aws_compliance.benchmark.apigatewaySnapshot and share results via Turbot Pipes:
powerpipe benchmark run terraform_aws_compliance.benchmark.apigateway --shareControls
- API Gateway Deployment should have create_before_destroy enabled
- API Gateway Domain should have latest TLS security policy configured
- API Gateway Method should have restrictive access
- API Gateway Method Settings should have cache enabled
- API Gateway Method Settings should have cache encrypted
- API Gateway Method Settings should have data trace disabled
- API Gateway REST API should have create_before_destroy enabled
- API Gateway stage should uses SSL certificate
- API Gateway REST API stages should have AWS X-Ray tracing enabled
- API Gateway REST API cache data should be encrypted at rest
- API Gateway REST and WebSocket API logging should be enabled
- API Gateway V2 Route should have authorization type set