Checks whether an API group of API Gateway is bound to a custom domain name and whether that domain name is added to Web Application Firewall (WAF). If the API group is bound to a custom domain name and the custom domain name is added to WAF, the configuration is considered compliant.
Scenarios
You can add a custom domain name that is bound to an API group of API Gateway to WAF. This helps you improve the security of the domain name.
Risk level
Default risk level: medium.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If an API group of API Gateway is bound to a custom domain name and the domain name is added to WAF, the configuration is considered compliant.
- If an API group of API Gateway is not bound to a custom domain name, the configuration is considered non-compliant.
- If an API group of API Gateway is bound to a custom domain name but the domain name is not added to WAF, the configuration is also considered non-compliant.

For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
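The evaluation logic above can be reproduced offline against an exported inventory, for example to preview which API groups the rule would flag. The following is an added example, not code from the product: the record layout, the verdict strings, and all sample values are constructed. It assumes exact-match comparison after lower-casing and trailing-dot removal, and that every custom domain name bound to a group must be added to WAF.

```python
# Added illustration: offline re-implementation of the evaluation logic above.
# Record layout, verdict strings and sample values are constructed assumptions.

def normalize(domain):
    """Lower-case and drop a trailing dot so equivalent names compare equal."""
    return domain.strip().rstrip(".").lower()

def evaluate_group(group, waf_domains):
    """Return (verdict, reason) for one API group record.

    group: {"group_id": str, "custom_domains": [str, ...]}  (assumed layout)
    waf_domains: iterable of domain names that have been added to WAF
    """
    protected = {normalize(d) for d in waf_domains}
    bound = [normalize(d) for d in group.get("custom_domains", []) if d.strip()]
    if not bound:
        # Case 1: no custom domain name is bound to the API group.
        return "NON_COMPLIANT", "no custom domain name bound"
    missing = sorted(d for d in bound if d not in protected)
    if missing:
        # Case 2: bound, but at least one bound name is not added to WAF.
        return "NON_COMPLIANT", "not added to WAF: " + ", ".join(missing)
    return "COMPLIANT", "all bound custom domain names are added to WAF"

def evaluate_all(groups, waf_domains):
    """Map each group_id to its (verdict, reason) pair."""
    return {g["group_id"]: evaluate_group(g, waf_domains) for g in groups}

# Constructed sample inventory (not real resources).
SAMPLE_GROUPS = [
    {"group_id": "group-a", "custom_domains": ["api.example.com"]},
    {"group_id": "group-b", "custom_domains": []},
    {"group_id": "group-c", "custom_domains": ["API.Example.org."]},
    {"group_id": "group-d", "custom_domains": ["pay.example.net", "api.example.com"]},
]
SAMPLE_WAF_DOMAINS = ["api.example.com", "api.example.org"]

if __name__ == "__main__":
    results = evaluate_all(SAMPLE_GROUPS, SAMPLE_WAF_DOMAINS)
    for gid, (verdict, reason) in results.items():
        print(f"{gid}: {verdict} ({reason})")
```
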
Rule details
Item | Description |
---|---|
Rule name | api-gateway-group-domain-access-waf |
Rule ID | api-gateway-group-domain-access-waf |
Tag | ApiGateway and ApiGroup |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Time interval | All day |
Supported resource type | Domain name |
Input parameter | None |
Non-compliance remediation
Bind an API group to a custom domain name and add the domain name to WAF. For more information, see Configure WAF.