API Gateway has no SSL certificate

ID

aws_api_gateway_without_ssl

Severity

high

Vendor

AWS

Resource

Encryption

Tags

reachable

Description

API Gateway has no SSL certificate. This is strongly discouraged. A malicious user can obtain information.

To fix it, you must configure validate_certs=true.

Learn more about this topic at AWS SSL certificates.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: API definition
      community.aws.api_gateway:
        swagger_file: my_api.yml
        stage: production
        cache_enabled: true
        cache_size: '1.6'
        tracing_enabled: true
        endpoint_type: EDGE
        state: present
        validate_certs: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: API definition
      community.aws.api_gateway:
        swagger_file: my_api.yml
        stage: production
        cache_enabled: true
        cache_size: '1.6'
        tracing_enabled: true
        endpoint_type: EDGE
        state: present