Checks whether the security authentication method of an API in API Gateway is set to JSON Web Token (JWT).
Scenarios
API Gateway provides a mechanism for authorized access to your APIs based on a JWT. You can use this mechanism to customize security settings.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If the security authentication method of the API in API Gateway is set to JWT, the evaluation result is compliant.
- If the security authentication method of the API in API Gateway is not set to JWT, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | api-gateway-api-auth-jwt |
| Rule ID | api-gateway-api-auth-jwt |
| Tag | ApiGateway and API |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | API resource |
| Input parameter | None |
Non-compliance remediation
Set the security authentication method of the API to JWT. For more information, see JWT-based authentication.