Ensure that all requestValidatorId in API Gateway are not null

before you send the API request to your server to be process it is recommended to validate the inputs to avoid several types of attacks

Risk Level: High
Cloud Entity: Amazon API Gateway
CloudGuard Rule ID: D9.AWS.NET.68
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

ApiGateway should not have resources contain-any [ methods contain-any [ requestValidatorId isEmpty() ] ]

REMEDIATION

From Portal:
Use following steps to enable a request validator on a method.

  1. Sign in to the API Gateway console.
  2. Choose the relevant API.
  3. Select the method which has no validation.
  4. Click 'Method Request'.
  5. Choose the pencil icon of Request Validator under Settings.
  6. Choose validation option from the Request Validator drop-down list. Then choose the check mark icon to save your choice.

References:

  1. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-request-validation-set-up.html
  2. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-request-validation.html

Amazon API Gateway

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create REST and WebSocket APIs that act as a ���front door��� for applications to access data, business logic, or functionality from your backend services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, any web application, or real-time communication a

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • CloudGuard AWS All Rules Ruleset