More Info:

This rule verifies whether Amazon API Gateway V2 API routes have an authorization type configured. It ensures that appropriate authentication and authorization mechanisms are in place for accessing the API routes. The rule is marked as non-compliant if the authorization type is set to NONE, which means no authentication is required to access the routes.

Risk Level

Medium

Address

Security

Compliance Standards

CBP, SEBI

Triage and Remediation

Check Cause

  1. Log in to the AWS Management Console and navigate to the API Gateway service.
  2. In the API Gateway dashboard, select the API Gateway V2 API that you want to check.
  3. On the API's details page, select the ‘Routes’ option from the left-hand side menu.
  4. For each route, check the ‘Authorization’ column. If the value is ‘NONE’ or not set, that route does not have an authorization type configured.
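
The check in steps 1 to 4 can also be run against CLI output instead of the console. The following is an added example, not part of the original rule text; it assumes the JSON shape returned by `aws apigatewayv2 get-routes`, and the sample routes and the `evaluate_routes` helper are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of:
#   aws apigatewayv2 get-routes --api-id <api-id>
SAMPLE_GET_ROUTES = json.loads("""
{
  "Items": [
    {"RouteId": "r-aaa111", "RouteKey": "GET /orders",  "AuthorizationType": "JWT", "AuthorizerId": "auth01"},
    {"RouteId": "r-bbb222", "RouteKey": "POST /orders", "AuthorizationType": "AWS_IAM"},
    {"RouteId": "r-ccc333", "RouteKey": "GET /health",  "AuthorizationType": "NONE"},
    {"RouteId": "r-ddd444", "RouteKey": "$default"}
  ]
}
""")


def evaluate_routes(get_routes_response):
    """Return (verdict, findings) for the routes of one API.

    A route is a finding when AuthorizationType is NONE or absent,
    which mirrors the 'NONE or not set' condition in step 4.
    """
    findings = []
    for route in get_routes_response.get("Items", []):
        # Treat a missing or empty value the same as NONE.
        auth_type = (route.get("AuthorizationType") or "NONE").upper()
        if auth_type == "NONE":
            findings.append({
                "RouteId": route.get("RouteId"),
                "RouteKey": route.get("RouteKey"),
                "AuthorizationType": auth_type,
            })
    verdict = "NON_COMPLIANT" if findings else "COMPLIANT"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = evaluate_routes(SAMPLE_GET_ROUTES)
    print(verdict)
    for f in findings:
        print(f"  {f['RouteId']}  {f['RouteKey']}  -> {f['AuthorizationType']}")
```

To use it on a real API, save the CLI output to a file and pass the parsed JSON to `evaluate_routes`.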