Ensure that AWS Web Application Firewall (WAF) is integrated with Amazon API Gateway to protect your APIs from common web exploits such as SQL injection attacks, cross-site scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks that could affect API availability and performance, compromise API data security or consume excessive resources.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Associate API Gateway API stages with AWS WAF Web Access Control Lists (ACLs) to monitor and filter the HTTP and HTTPS requests that are forwarded to your API, adding protection against common web attacks. For example, you can assign AWS WAF Web ACLs to your API stages to block requests based on IP address or range of IP addresses originating from a specific country or region, or to block requests containing malicious SQL code or malicious scripts. You can also implement Web ACLs to block bad bots, content scrapers and attacks from specific user-agents.
To determine if your Amazon API Gateway API stages are associated with WAF Web ACLs, perform the following actions:
To enable Amazon API Gateway - Amazon WAF integration by associating API stages with Web ACLs, perform the following actions:
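One way to script both the audit and the association described above, as an added example that is not part of the original rule page or the Cloud Conformity tool. It assumes REST APIs, a regional WAFv2 Web ACL and the `aws` partition; the function names, API ID and sample response are constructed for illustration.

```python
"""Audit API Gateway REST API stages for a missing AWS WAF Web ACL association."""

def stage_arn(region, api_id, stage_name, partition="aws"):
    # Resource ARN format WAF expects when associating an API Gateway stage.
    return f"arn:{partition}:apigateway:{region}::/restapis/{api_id}/stages/{stage_name}"

def unprotected_stages(region, api_id, stages_response):
    """Return ARNs of stages in a get_stages response that carry no webAclArn."""
    return [
        stage_arn(region, api_id, s["stageName"])
        for s in stages_response.get("item", [])
        if not s.get("webAclArn")  # key absent or empty means no Web ACL attached
    ]

def audit_region(region):
    """Live check: every REST API stage in the region that lacks a Web ACL."""
    import boto3  # imported here so the pure functions above work offline
    apigw = boto3.client("apigateway", region_name=region)
    findings = []
    for page in apigw.get_paginator("get_rest_apis").paginate():
        for api in page.get("items", []):
            stages = apigw.get_stages(restApiId=api["id"])
            findings += unprotected_stages(region, api["id"], stages)
    return findings

def associate(region, web_acl_arn, resource_arn):
    """Attach a regional WAFv2 Web ACL to one stage (assumes WAFv2, not WAF Classic)."""
    import boto3
    boto3.client("wafv2", region_name=region).associate_web_acl(
        WebACLArn=web_acl_arn, ResourceArn=resource_arn)

# Constructed sample of an apigateway get_stages response (not real resources).
SAMPLE_STAGES = {"item": [
    {"stageName": "prod",
     "webAclArn": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/EXAMPLE/PLACEHOLDER-ID"},
    {"stageName": "staging", "webAclArn": ""},
    {"stageName": "dev"},
]}

if __name__ == "__main__":
    for arn in unprotected_stages("us-east-1", "a1b2c3d4e5", SAMPLE_STAGES):
        print("NO WEB ACL:", arn)
```

Each ARN returned by `audit_region` can be passed as `resource_arn` to `associate` once a Web ACL has been chosen for that stage.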