Ensure that the endpoint type is set to private for API Gateway Rest API

MEDIUM

Description

Amazon API Gateway Rest API can be configured for private access by using a VPC. This may help prevent unauthorized access or data loss through public networks.

Remediation

In AWS Console -

Sign in to the API Gateway console.
Select Create API.
Under REST API, select Build.
Enter a name for API Name.
For Endpoint Type, select Private.
Click on Create API.

In Terraform -

In the aws_api_gateway_rest_api resource, add 'PRIVATE' to the list of 'endpoint_configuration.types'.
Configure vpc_endpoint_ids as needed.

References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api#endpoint_configuration

Policy Details

Rule Reference ID: AC_AWS_0011

CSP: AWS

Remediation Available: Yes

Domain: Infrastructure Security

Resource: aws_api_gateway_rest_api

Resource Category: Virtual Network

Resource Type: API Gateway

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
WELL-ARCH

Detections

Analytics