32d7567acf
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
64 lines
1.2 KiB
Plaintext
64 lines
1.2 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
A public API that doesn't have access control implemented:
|
|
|
|
[source,yaml]
|
|
----
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
Resources:
|
|
ExampleMethod:
|
|
Type: AWS::ApiGateway::Method
|
|
Properties:
|
|
AuthorizationType: NONE # Sensitive
|
|
HttpMethod: GET
|
|
----
|
|
|
|
A Serverless Application Model (SAM) API resource that is public by default:
|
|
|
|
[source,yaml]
|
|
----
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
Resources:
|
|
ExampleApi: # Sensitive
|
|
Type: AWS::Serverless::Api
|
|
Properties:
|
|
StageName: Prod
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
An API that implements AWS IAM permissions:
|
|
|
|
[source,yaml]
|
|
----
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
Resources:
|
|
ExampleMethod:
|
|
Type: AWS::ApiGateway::Method
|
|
Properties:
|
|
AuthorizationType: AWS_IAM
|
|
HttpMethod: GET
|
|
----
|
|
|
|
A Serverless Application Model (SAM) API resource that has to be requested using a key:
|
|
|
|
[source,yaml]
|
|
----
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
Resources:
|
|
ExampleApi:
|
|
Type: AWS::Serverless::Api
|
|
Properties:
|
|
StageName: Prod
|
|
Auth:
|
|
ApiKeyRequired: true
|
|
----
|
|
|
|
include::../see.adoc[]
|