Ensure authorization is enabled for AWS API Gateway Method

HIGH

Description

AWS API Gateway can be configured for IAM authentication and authorization. Specific policies can be used for specific actions and resources to secure an API. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html

Remediation

In AWS Console -

  1. Sign in to AWS Console and open the API Gateway Console.
  2. Choose the API Gateway that you want to update.
  3. In the Authorizers section, select Create New Authorizer.
  4. Select either Lambda or Cognito and enter the appropriate settings.
  5. Select Create.

In Terraform -

  1. In the aws_api_gateway_method resource, set authorization as needed.
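
The Terraform step above, shown as an added example (not taken from the AWS or Terraform documentation): one method left open with `authorization = "NONE"` beside two corrected methods that use IAM and a Cognito authorizer. All resource names and the `user_pool_arn` variable are hypothetical.

```hcl
# Added example; all resource names and var.user_pool_arn are hypothetical.
variable "user_pool_arn" {
  type = string
}

resource "aws_api_gateway_rest_api" "example" {
  name = "example-api"
}

resource "aws_api_gateway_resource" "orders" {
  rest_api_id = aws_api_gateway_rest_api.example.id
  parent_id   = aws_api_gateway_rest_api.example.root_resource_id
  path_part   = "orders"
}

# Weak: authorization = "NONE" lets unauthenticated callers invoke the method.
resource "aws_api_gateway_method" "orders_get_open" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  resource_id   = aws_api_gateway_resource.orders.id
  http_method   = "GET"
  authorization = "NONE"
}

# Corrected (IAM): callers must sign requests with SigV4 and hold an IAM
# policy that allows execute-api:Invoke on this method.
resource "aws_api_gateway_method" "orders_post_iam" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  resource_id   = aws_api_gateway_resource.orders.id
  http_method   = "POST"
  authorization = "AWS_IAM"
}

# Corrected (Cognito): the authorizer validates the user pool token.
resource "aws_api_gateway_authorizer" "cognito" {
  name          = "orders-cognito"
  rest_api_id   = aws_api_gateway_rest_api.example.id
  type          = "COGNITO_USER_POOLS"
  provider_arns = [var.user_pool_arn]
}

resource "aws_api_gateway_method" "orders_put_cognito" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  resource_id   = aws_api_gateway_resource.orders.id
  http_method   = "PUT"
  authorization = "COGNITO_USER_POOLS"
  authorizer_id = aws_api_gateway_authorizer.cognito.id
}
```

A Lambda authorizer follows the same pattern as the Cognito case, with `authorization = "CUSTOM"` on the method and an `aws_api_gateway_authorizer` of type `TOKEN` or `REQUEST`.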

There are additional methods for securing access to an API Gateway. For more information, see the AWS or Terraform documentation.
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method

Policy Details

Rule Reference ID: AC_AWS_0439
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Gateway

Frameworks