LOW
Source
Trivy
ID
AVD-AWS-0004

No unauthorized access to API Gateway methods

API Gateway methods should generally be protected by authorization or api key. OPTION verb calls can be used without authorization

Impact

API gateway methods can be accessed without authorization.

Follow the appropriate remediation steps below to resolve the issue.

Use and authorization method or require API Key

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
  
}

resource "aws_api_gateway_method" "good_example" {
  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id   = aws_api_gateway_resource.MyDemoResource.id
  http_method   = "GET"
  authorization = "AWS_IAM"
}