CloudFormation Guard rules template for API Gateway resources
The following rules are included:
# Selects every resource in the template whose Type is AWS::ApiGateway::Stage.
# The stage rules in this file are skipped when this selection is empty, so
# stage settings declared elsewhere (for example under the StageDescription of
# an AWS::ApiGateway::Deployment) are not evaluated by these rules.
let apigateway_stages = Resources.*[
    Type == "AWS::ApiGateway::Stage"
]
# Selects every resource whose Type is AWS::ApiGateway::RestApi.
# Only this exact type string matches; AWS::ApiGatewayV2::* and
# AWS::Serverless::Api resources are outside the selection.
let apigateway_restapis = Resources.*[
    Type == "AWS::ApiGateway::RestApi"
]
# Requires every AWS::ApiGateway::Stage to set Properties.ClientCertificateId.
# Only the presence of the key is checked; its value is not validated.
# The rule is skipped when the template contains no Stage resources.
# NOTE(review): ClientCertificateId is the certificate API Gateway presents
# when calling the stage's integration endpoints, so this control helps a
# backend verify that requests come from the gateway. It is not mutual TLS for
# callers of the API, and it only helps if the backend validates the
# certificate. Confirm that is the intended control.
rule restapi_client_certificate_enabled when %apigateway_stages !empty {
    %apigateway_stages {
        Properties {
            ClientCertificateId exists <<ClientCertificateId is not configured.>>
        }
    }
}
# Requires every AWS::ApiGateway::RestApi to declare
# Properties.EndpointConfiguration.Types as exactly ["PRIVATE"].
# The rule is skipped when the template contains no RestApi resources.
# Each nested `when ... exists` runs the inner check only if the parent key is
# present, so a missing key is reported once with its own message.
# Not checked here: the RestApi resource policy (Policy). A PRIVATE endpoint
# type alone does not decide which VPC endpoints or principals may invoke the
# API; review the policy separately.
rule restapi_private_public when %apigateway_restapis !empty {
    %apigateway_restapis {
        Properties {
            EndpointConfiguration exists <<EndpointConfiguration is not configured.>>
            when EndpointConfiguration exists {
                EndpointConfiguration {
                    Types exists <<Types is not configured.>>
                    when Types exists {
                        # Exact list match: a list that adds EDGE or REGIONAL
                        # next to PRIVATE does not satisfy this clause.
                        Types == ["PRIVATE"] <<API gateway is not private.>>
                    }
                }
            }
        }
    }
}
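# Requires every AWS::ApiGateway::Stage to configure access logging with a
# destination.
# The rule is skipped when the template contains no Stage resources.
# Checking only that AccessLogSetting exists lets an empty block
# (`AccessLogSetting: {}`) pass even though no log destination is named, so
# the rule also requires AccessLogSetting.DestinationArn.
# Not checked here: the log Format, and whether the destination retains logs
# for long enough to support an investigation.
rule stage_access_logging when %apigateway_stages !empty {
    %apigateway_stages {
        Properties {
            AccessLogSetting exists <<AccessLogSetting is not configured.>>
            # Same guard pattern as restapi_private_public: look inside the
            # block only when it is present, so each gap is reported once.
            when AccessLogSetting exists {
                AccessLogSetting {
                    DestinationArn exists <<AccessLogSetting.DestinationArn is not configured.>>
                }
            }
        }
    }
}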
# Requires every AWS::ApiGateway::Stage to set Properties.TracingEnabled to
# true.
# The rule is skipped when the template contains no Stage resources.
# The existence check is separate from the value check so that a missing key
# and an explicit non-true value produce different messages.
rule restapi_stage_tracing_enabled when %apigateway_stages !empty {
    %apigateway_stages {
        Properties {
            TracingEnabled exists <<TracingEnabled is not configured.>>
            when TracingEnabled exists {
                TracingEnabled == true <<X-Ray tracing is disabled.>>
            }
        }
    }
}