Checks whether the HTTPS security policies configured for an API group in API Gateway are included in the policy list specified by the input parameter of this rule.

Scenarios

You can configure specific HTTPS security policies for an API group for service usage and management.

Risk level

Default risk level: medium.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If the HTTPS security policies configured for the API group in API Gateway are included in the policy list specified by the input parameter of this rule, the evaluation result is compliant.
  • If the HTTPS security policies configured for the API group in API Gateway are not included in the policy list specified by the input parameter of this rule, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.

Rule details

| Item | Description |
| --- | --- |
| Rule name | api-gateway-group-https-policy-check |
| Rule ID | api-gateway-group-https-policy-check |
| Tag | ApiGateway and ApiGroup |
| Automatic remediation | Supported |
| Trigger type | Configuration change |
| Supported resource type | API group |
| Input parameter | HttpsPolicys. Note: Separate multiple parameter values with commas (,). |

Non-compliance remediation

Configure an HTTPS security policy for the API group. For more information, see Configure an HTTPS security policy.