Ensure AWS AppSync is protected by WAF
Error: AWS AppSync is not protected by WAF
Bridgecrew Policy ID: BC_AWS_GENERAL_139
Checkov Check ID: CKV_AWS_33
Severity: LOW
AWS AppSync is not protected by WAF
Description
Protecting your AWS AppSync API with a Web Application Firewall (WAF) can help to improve the security of the API. The WAF inspects incoming requests and blocks those that contain malicious payloads, which protects against common web vulnerabilities such as SQL injection and cross-site scripting (XSS) attacks. It can also help to prevent DDoS attacks by allowing you to set rate-based rules that limit the number of requests that an IP address can send to your API within a specified time period.
Fix - Runtime
Fix - Buildtime
Terraform
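# AppSync GraphQL API to be protected
resource "aws_appsync_graphql_api" "pass" {
  authentication_type = "API_KEY"
  name                = "example"
}

# Associates a WAFv2 web ACL with the AppSync API.
# aws_wafv2_web_acl.example must be defined elsewhere in the configuration.
resource "aws_wafv2_web_acl_association" "pass" {
  resource_arn = aws_appsync_graphql_api.pass.arn
  web_acl_arn  = aws_wafv2_web_acl.example.arn
}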
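
The association above references aws_wafv2_web_acl.example, which the snippet does not define. The following is an added example, not part of the original page or of Checkov, showing one way to define that web ACL for AppSync with a rate-based rule per source IP and an AWS managed rule group for SQL injection. The ACL name, metric names and the request limit are assumed values.

```hcl
# Added example: the ACL name, metric names and the limit are assumed values.
resource "aws_wafv2_web_acl" "example" {
  name  = "appsync-example"
  scope = "REGIONAL" # AppSync APIs are regional resources
  default_action {
    allow {}
  }
  rule { # block a source IP that exceeds the request limit
    name     = "rate-limit-per-ip"
    priority = 1
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 2000 # assumed; tune to observed traffic
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "appsync-rate-limit"
      sampled_requests_enabled   = true
    }
  }
  rule { # AWS managed rule group for SQL injection patterns
    name     = "aws-managed-sqli"
    priority = 2
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesSQLiRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "appsync-sqli"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "appsync-example"
    sampled_requests_enabled   = true
  }
}
```

Managed rule groups use override_action rather than action; none {} leaves the rule group's own block actions in effect.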