AI CloudAdvisor (Beta)

My Presets

You must be logged in to save or view your saved configuration templates

Security Controls

Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AI CloudAdvisor (Beta)

Configuration Stack
0

My Presets

Security Controls

AWS Services

VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsDynamoDB Security ControlsECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieAWS WAFAWS Secrets ManagerAWS Systems ManagerAWS KMSAWS SSOLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)Alexa SkillAmazon API GatewayAWS AppConfigAmazon AppFlowAWS App MeshAWS App RunnerAWS AppSyncApplication Auto ScalingAmazon AthenaAWS BatchAWS Billing ConductorAWS Clean RoomsAWS SNSAWS SQSAWS Service DiscoveryAWS Step FunctionsAWS CloudTrailAWS ConfigAWS CloudWatchAWS CognitoAmazon Connect

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AWS AppSync

A collection of configuration templates for AWS AppSync as well as security controls for monitoring and protecting AWS AppSync configuration such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

AppSync
AppSync GraphQL API Example
Add to Stack

This template creates a new AWS AppSync GraphQL API `my-appsync-api`. It uses Cognito for authentication (user pool us-east-1_123456789)

CloudFormation
AppSync API Key
Add to Stack

This template creates an API key and associates it with a new GraphQL API. You can optionally add a parameter to set key expiry

CloudFormation
AppSync API Cache
Add to Stack

This template creates an ApiCache for a GraphQL API. The `ApiCache` resource is of type `AWS::AppSync::ApiCache` and has properties such as `Type` which is set to `SMALL`, `ApiCachingBehavior` which is set to `FULL_REQUEST_CACHING`, `Ttl` which is set to 1200, `TransitEncryptionEnabled` which is set to true, and `AtRestEncryptionEnabled` which is set to true.

CloudFormation
Config Rule
Check if AppSync APIs are associated with WAFv2 ACLs
Add to Stack

Checks if AWS AppSync APIs are associated with AWS WAFv2 web access control lists (ACLs). The rule is NON_COMPLIANT for an AWS AppSync API if it is not associated with a web ACL.

CloudFormation
Check if AWS AppSync API cache has encryption at rest enabled
Add to Stack

Checks if an AWS AppSync API cache has encryption at rest enabled. This rule is NON_COMPLIANT if 'AtRestEncryptionEnabled' is false.

CloudFormation
Ensure AWS AppSync API has logging enabled
Add to Stack

Checks if an AWS AppSync API has logging enabled. The rule is NON_COMPLIANT if logging is not enabled, or 'fieldLogLevel' is neither ERROR nor ALL.

CloudFormation
AppSync
Config Rule