How to Find AWS API Gateways Without WAF ACLs
Access control lists (ACLs) reduce the attack surface and minimize the risk of service abuse for internet-reachable services.
This security check is part of the CIS Amazon Web Services Benchmarks and is rated severity medium.
> search is(aws_api_gateway_stage) and stage_web_acl_arn==null
kind=aws_api_gateway_stage, ..., region=resoto-poweruser
kind=aws_api_gateway_stage, ..., account=poweruser-team
search command into the
> search is(aws_api_gateway_stage) and stage_web_acl_arn==null | dump
The command output will list the details of all non-compliant
Use AWS WAF to protect your API Gateway API from common web exploits. SQL injection and cross-site scripting (XSS) attacks can affect API availability and performance, compromise security, or consume excessive resources.
Please refer to the AWS API Gateway documentation for details.
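The same check made directly against the AWS API, as an added example that is not part of the original page or of Resoto. It reads the `webAclArn` field of each REST API stage (assumed here to be the field behind `stage_web_acl_arn`) and builds the stage resource ARN that a WAF association needs. The stub client, API ids and ARN values are constructed; with boto3 installed, pass `boto3.client("apigateway", region_name=region)` instead.

```python
# Added example: list API Gateway REST API stages with no WAF web ACL.
# Real use: stages_without_waf(boto3.client("apigateway", region_name=r), r)

def stages_without_waf(client, region):
    """Return REST API stages that have no WAF web ACL associated."""
    findings = []
    for page in client.get_paginator("get_rest_apis").paginate():
        for api in page.get("items", []):
            # get_stages returns its list under "item" (singular).
            for stage in client.get_stages(restApiId=api["id"]).get("item", []):
                if stage.get("webAclArn"):
                    continue  # compliant: a web ACL is attached
                findings.append({
                    "api_id": api["id"],
                    "api_name": api.get("name", ""),
                    "stage": stage["stageName"],
                    # Resource ARN format WAF expects for an API Gateway stage.
                    "resource_arn": f"arn:aws:apigateway:{region}::/restapis/"
                                    f"{api['id']}/stages/{stage['stageName']}",
                })
    return findings


class StubApiGateway:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    _apis = [{"id": "a1b2c3d4e5", "name": "orders"},
             {"id": "f6g7h8i9j0", "name": "billing"}]
    _acl = ("arn:aws:wafv2:us-east-1:111122223333:regional/webacl/"
            "example/00000000-0000-0000-0000-000000000000")  # constructed
    _stages = {
        "a1b2c3d4e5": [{"stageName": "prod", "webAclArn": _acl},
                       {"stageName": "dev"}],
        "f6g7h8i9j0": [{"stageName": "prod"}],
    }

    def get_paginator(self, operation):
        assert operation == "get_rest_apis"
        apis = self._apis

        class _Paginator:
            def paginate(self):
                # Two pages, to exercise pagination.
                yield {"items": apis[:1]}
                yield {"items": apis[1:]}
        return _Paginator()

    def get_stages(self, restApiId):
        return {"item": self._stages[restApiId]}
```

Run it once per region in use, since API Gateway clients are regional.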