AWS Config Rule: API Gateway SSL Enabled

API_GW_SSL_ENABLED

Ryan Ware

Last Update 2 months ago

Description: Checks if a REST API stage uses a Secure Sockets Layer (SSL) certificate. This rule is NON_COMPLIANT if the REST API stage does not have an associated SSL certificate.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), and Canada West (Calgary)


How to Resolve Manually

You can use API Gateway to generate an SSL certificate and then use its public key in the backend to verify that HTTP requests to your backend system are from API Gateway. This allows your HTTP backend to control and accept only requests that originate from Amazon API Gateway, even if the backend is publicly accessible.


Several steps must be completed manually to associate an SSL certificate with your Amazon API Gateway REST API stage.


You can follow AWS' official documentation here to complete the following steps and make your API Gateway stage COMPLIANT.


Step One: Generate a client certificate using the API Gateway console


  • Open the API Gateway console.
  • Choose your REST API.
  • In the main navigation pane, choose Client Certificates.
  • From the Client Certificates pane, choose Generate Client Certificate.
  • Optionally, for Edit, choose to add a descriptive title for the generated certificate and choose Save to save the description. API Gateway generates a new certificate and returns the new certificate GUID, along with the PEM-encoded public key.


Step Two: Configure an API to use SSL certificates


  • In the API Gateway console, create or open an API for which you want to use the client certificate. Make sure that the API has been deployed to a stage.
  • Choose Stages under the selected API and then choose a stage.
  • In the Stage Editor panel, select a certificate under the Client Certificate section.
  • To save the settings, choose Save Changes.


Additional test and troubleshooting steps are within the linked AWS Documentation above.
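
The rule's check and the two console steps above, scripted as an added example (not StackZone's or AWS's own code). It assumes a boto3 `apigateway` client is passed in; the function names, the sample stages and the certificate description are constructed for illustration.

```python
# Added example. `client` is expected to be boto3.client("apigateway");
# it is passed in so the logic can be exercised without AWS access.

def stage_arn(region, rest_api_id, stage_name):
    """ARN of a REST API stage."""
    return f"arn:aws:apigateway:{region}::/restapis/{rest_api_id}/stages/{stage_name}"


def evaluate_stages(region, rest_api_id, stages):
    """Classify stages (shape of get_stages()['item']) per the rule description:
    a stage without an associated client certificate is NON_COMPLIANT."""
    return [{
        "stage": s["stageName"],
        "arn": stage_arn(region, rest_api_id, s["stageName"]),
        "compliance": "COMPLIANT" if s.get("clientCertificateId") else "NON_COMPLIANT",
    } for s in stages]


def remediate(client, rest_api_id):
    """Step One + Step Two: generate one client certificate and attach it to
    every stage that lacks one. Returns the PEM public certificate, or None."""
    stages = client.get_stages(restApiId=rest_api_id)["item"]
    missing = [s for s in stages if not s.get("clientCertificateId")]
    if not missing:
        return None  # avoid generating a certificate nobody uses
    cert = client.generate_client_certificate(
        description=f"Backend auth for REST API {rest_api_id}")  # constructed text
    for s in missing:
        client.update_stage(
            restApiId=rest_api_id,
            stageName=s["stageName"],
            patchOperations=[{"op": "replace",
                              "path": "/clientCertificateId",
                              "value": cert["clientCertificateId"]}])
    # Install this PEM in the backend's trust store so it can verify
    # that incoming requests originate from API Gateway.
    return cert["pemEncodedCertificate"]


# Constructed sample in the shape returned by get_stages()["item"].
SAMPLE_STAGES = [
    {"stageName": "prod", "clientCertificateId": "a1b2c3"},
    {"stageName": "dev"},
]
```

Attaching the certificate only makes the stage COMPLIANT; the backend still has to be configured to require and verify it.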

