AWS API Gateway
Overview
Critical
0High
8Medium
0Low
0Informational
0Security issues (8)
| Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
|---|---|---|---|---|---|---|---|
| High | — | us-east-1 | 5pxmae2re2 | API Gateway has no Web Application Firewall (WAF) enabled in the stage: "beta". | Enable WAF to protect your APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks. | More info | |
| High | — | us-east-2 | s87eelcsz6 | API Gateway has no client SSL certificate enabled in the stage: "dev". | Add a client SSL certificates to verify the requester's authenticity. | More info | |
| High | — | us-east-2 | s87eelcsz6 | API Gateway has no active tracing with X-ray enabled in the stage: "dev". | Enable X-Ray tracing option in the stage's settings. | More info | |
| High | PCI DSS 10.2 HIPAA (Audit) | us-east-2 | s87eelcsz6 | API Gateway has neither ERROR nor INFO level of logging enabled in the stage: "dev". | Enable either ERROR or INFO level of logging in the stage's settings. | More info | |
| High | — | us-east-2 | s87eelcsz6 | API Gateway has not configured to cache or the cache is not encrypted in the stage: "dev". | Enable API cache and the "Encrypt cache data" options in the stage's settings. | More info | |
| High | — | us-west-2 | lrybev4omj | API Gateway has no Web Application Firewall (WAF) enabled in the stage: "test". | Enable WAF to protect your APIs from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks. | More info | |
| High | — | us-west-2 | lrybev4omj | API Gateway has no client SSL certificate enabled in the stage: "test". | Add a client SSL certificates to verify the requester's authenticity. | More info | |
| High | — | us-west-2 | lrybev4omj | API Gateway has no active tracing with X-ray enabled in the stage: "test". | Enable X-Ray tracing option in the stage's settings. | More info |
APIs (3)
| Region | ID | Name | Description | Endpoint type | Created | Security issues |
|---|---|---|---|---|---|---|
| us-east-1 | 5pxmae2re2 | PetStore | Your first API with Amazon API Gateway. This is a sample API that integrates via HTTP with our demo Pet Store endpoints | Regional | 1 High (details) | |
| us-east-2 | s87eelcsz6 | HelloWorldAPI | — | Edge | 4 High (details) | |
| us-west-2 | lrybev4omj | PetStore | Your first API with Amazon API Gateway. This is a sample API that integrates via HTTP with our demo Pet Store endpoints | Regional | 3 High (details) |