Ensure no wildcards are being used in AWS API Gateway Rest API Policy

HIGH

Description

An API Gateway REST API resource policy with an Allow statement that uses a wildcard, most commonly "Principal": "*" (or {"AWS": "*"}), grants invoke permission to every principal, including unauthenticated callers on methods that have no authorizer. Wildcards in Action ("*" or "execute-api:*") or in Resource ("*") likewise grant more than intended. Each Allow statement should name the specific accounts, roles or users that may invoke the API and scope Action and Resource to the stages, methods and paths they need.

Remediation

In AWS Console -

  1. Sign in to AWS Console and open the API Gateway Console.
  2. Choose the REST API that you want to update.
  3. In the navigation pane choose Resource Policy, then edit any statement with an Effect of Allow that includes a wildcard (*) in its Principal, Action or Resource so that it names the specific principal, action or path instead.
  4. Select Save.

In Terraform -

  1. In the aws_api_gateway_rest_api_policy resource, set the policy argument to a policy document whose Allow statements name specific principals, actions and resources rather than wildcards.
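
The following is an added example, not code from Tenable, AWS or the Terraform provider. It applies the rule's logic to a resource policy document: every Allow statement is checked for a wildcard principal ("*" or {"AWS": "*"}), a wildcard action ("*" or "execute-api:*") or a bare "*" resource, and statements that carry a Condition are reported but marked, since Principal "*" with an aws:SourceVpce or aws:SourceIp condition is AWS's documented shape for private and IP-restricted APIs and deserves a human decision. The weak policy is the one the rule flags; the fixed policy is the string you would pass to the policy argument of aws_api_gateway_rest_api_policy. The account ID, role name, stage, path and VPC endpoint ID are placeholders constructed for this example.

```python
"""Check an API Gateway REST API resource policy for wildcard grants.

Added example; not Tenable, AWS or Terraform provider code. The policy
documents at the bottom are constructed for this example and the account,
role and VPC endpoint IDs in them are placeholders.
"""
import json

# Values that make a field match everything.
ALL_PRINCIPALS = {"*"}
ALL_ACTIONS = {"*", "execute-api:*"}
ALL_RESOURCES = {"*"}


def _as_list(value):
    """IAM elements accept a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Flatten Principal, which may be "*" or {"AWS": [...], "Service": ...}."""
    principal = stmt.get("Principal")
    if principal is None:
        return []
    if isinstance(principal, str):
        return [principal]
    return [p for values in principal.values() for p in _as_list(values)]


def find_wildcard_allows(policy):
    """Return one (statement id or index, field, conditioned) per wildcard field.

    `policy` is the JSON string or the parsed dict. Only Allow statements are
    examined: a Deny with wildcards narrows access rather than widening it.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for index, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", index)
        conditioned = bool(stmt.get("Condition"))
        checks = (
            ("Principal", _principals(stmt), ALL_PRINCIPALS),
            ("Action", _as_list(stmt.get("Action")), ALL_ACTIONS),
            ("Resource", _as_list(stmt.get("Resource")), ALL_RESOURCES),
        )
        for field, values, wildcards in checks:
            if any(v in wildcards for v in values):
                findings.append((sid, field, conditioned))
    return findings


def is_compliant(policy):
    """True only when no Allow statement uses a wildcard principal, action or resource."""
    return not find_wildcard_allows(policy)


# WEAK is what the rule flags: any caller, authenticated or not, may invoke
# every stage, method and path of the API.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OpenToWorld",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/*",
    }],
})

# FIXED names the caller and the path. Pass this string as the `policy`
# argument of aws_api_gateway_rest_api_policy (placeholder account and role).
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "NamedRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/api-caller"},
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/prod/GET/orders",
    }],
})

# PRIVATE keeps Principal "*" but limits it to one VPC endpoint (placeholder
# ID); it is reported with conditioned=True so a reviewer can decide.
PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "FromVpcEndpointOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY), ("private", PRIVATE_POLICY)):
        print(name, find_wildcard_allows(policy))
```

One design choice to note: a bare "*" in Resource is flagged, but the API-scoped "execute-api:/*" form is not, because that is how AWS's own resource policy examples scope a statement to the whole API; tighten ALL_RESOURCES if your policy treats it as a finding too. Deny statements are skipped deliberately, since Principal "*" in a Deny with a NotIpAddress condition is the documented way to block everything except an allow-list.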

A resource policy is one of several access controls for API Gateway; IAM authorization, Lambda and Cognito authorizers, private endpoints and usage plans can be layered with it. For more information, see the AWS or Terraform documentation.

References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api_policy

Policy Details

Rule Reference ID: AC_AWS_0450
CSP: AWS
Remediation Available: No
Resource Category: Virtual Network
Resource Type: API Gateway

Frameworks