Medium APIGateway Regional

API Gateway should be associated with a WAF Web ACL

NIST, ISO 27001

Description

Checks whether an API Gateway stage uses an AWS WAF web access control list (ACL).


Remediation

To associate an AWS WAF Regional web ACL with an existing API Gateway API stage, see "Using AWS WAF to protect your APIs" in the API Gateway Developer Guide.

Steps

  1. Navigate to the API Gateway console.
  2. Select the API and stage you want to associate with a WAF Web ACL.
  3. In the AWS WAF console, create a Web ACL or select an existing one, then associate it with the API stage.
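
The check described above can be reproduced over stage records, shown here as an added example that is not this rule's own implementation. It assumes records in the shape API Gateway returns when listing a REST API's stages (the `webAclArn` field); the sample data, API ids, account id and region are constructed placeholders.

```python
"""Flag API Gateway REST API stages that have no WAF web ACL attached."""

# Constructed sample input shaped like API Gateway stage listings,
# keyed by REST API id. Account ids, API ids and ARNs are placeholders.
SAMPLE_STAGES = {
    "a1b2c3d4e5": [
        {"stageName": "prod",
         "webAclArn": "arn:aws:wafv2:eu-west-1:111122223333:"
                      "regional/webacl/example-acl/EXAMPLE-ID"},
        {"stageName": "dev"},                    # field absent: no web ACL
    ],
    "f6g7h8i9j0": [
        {"stageName": "beta", "webAclArn": ""},  # empty value: treat as none
    ],
}


def stage_arn(region, api_id, stage_name, partition="aws"):
    """ARN of a REST API stage, the resource a regional web ACL attaches to."""
    return (f"arn:{partition}:apigateway:{region}::"
            f"/restapis/{api_id}/stages/{stage_name}")


def find_unprotected_stages(stages_by_api, region):
    """Return one finding per stage whose webAclArn is missing or empty."""
    findings = []
    for api_id, stages in sorted(stages_by_api.items()):
        for stage in stages:
            acl = (stage.get("webAclArn") or "").strip()
            if acl:
                continue  # stage already has a web ACL associated
            findings.append({
                "api_id": api_id,
                "stage": stage["stageName"],
                "resource_arn": stage_arn(region, api_id, stage["stageName"]),
                "status": "FAIL",
            })
    return findings


if __name__ == "__main__":
    for finding in find_unprotected_stages(SAMPLE_STAGES, "eu-west-1"):
        print(f"{finding['status']} {finding['resource_arn']}")
```

Each finding's `resource_arn` identifies the stage that still needs a web ACL associated in step 3.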

Compliance

NIST, ISO 27001