Rule: API Gateway Stage Should Be Associated with WAF

This rule ensures that API Gateway stages are properly associated with a Web Application Firewall for enhanced security.

Rule: API Gateway stage should be associated with WAF
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule Description

The rule requires that the API Gateway stage is associated with a Web Application Firewall (WAF) in order to comply with the FedRAMP Moderate Revision 4 security requirements.

Troubleshooting Steps

  1. Verify if the API Gateway stage is currently associated with a WAF.
  2. Check if the WAF is configured to meet the FedRAMP Moderate Revision 4 requirements.
  3. Ensure that the WAF is properly integrated with the API Gateway stage.

Necessary Codes

No specific code is provided for this rule. However, you may need to use the AWS CLI or SDKs to configure the association between the API Gateway stage and the WAF.

Step-by-Step Guide for Remediation

  1. Open the AWS Management Console and navigate to the API Gateway service.
  2. Select the API you want to configure and click on "Stages" in the left navigation pane.
  3. Select the relevant stage you want to associate with the WAF.
  4. Click on the "Settings" tab for the selected stage.
  5. Scroll down to the "Web Application Firewall" section and click on the "Edit" button.
  6. In the "Web Application Firewall" settings, select the option to associate a WAF.
  7. Choose an existing WAF ACL (Access Control List) from the drop-down menu or create a new ACL if one doesn't exist.
  8. Save the changes by clicking on the "Save Changes" button.
  9. Verify that the association is successful by checking the WAF settings for the selected API Gateway stage.

Make sure to follow any additional organization-specific guidelines or security requirements while configuring the WAF and API Gateway stage association.

Remember to test and validate the configuration to ensure that the API Gateway stage is properly protected by the WAF according to FedRAMP Moderate Revision 4 standards.
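The check in troubleshooting step 1 and the association made in the console steps above can also be scripted with the AWS SDK. The following is an added example, not code from the original page or from the rule's vendor; it assumes REST APIs, a regional AWS WAFv2 web ACL, and boto3 with configured credentials, and the function names are hypothetical.

```python
"""Report REST API stages with no WAF web ACL; optionally attach one.

Usage (assumed invocation): <script> REGION [WEB_ACL_ARN]
"""

def stage_arn(region, api_id, stage_name):
    # Resource ARN format WAFv2 expects for an API Gateway REST API stage.
    return f"arn:aws:apigateway:{region}::/restapis/{api_id}/stages/{stage_name}"

def find_unprotected_stages(apigw, region):
    """Return ARNs of stages whose get_stages entry has no webAclArn."""
    unprotected, position = [], None
    while True:
        kwargs = {"limit": 500}
        if position:
            kwargs["position"] = position
        page = apigw.get_rest_apis(**kwargs)
        for api in page.get("items", []):
            for stage in apigw.get_stages(restApiId=api["id"]).get("item", []):
                # A missing or empty webAclArn means no web ACL is associated.
                if not stage.get("webAclArn"):
                    unprotected.append(
                        stage_arn(region, api["id"], stage["stageName"]))
        position = page.get("position")  # pagination token; absent on last page
        if not position:
            return unprotected

def associate(wafv2, web_acl_arn, resource_arns):
    """Attach one web ACL to each stage ARN; return the ARNs that were attached."""
    for arn in resource_arns:
        wafv2.associate_web_acl(WebACLArn=web_acl_arn, ResourceArn=arn)
    return list(resource_arns)

if __name__ == "__main__":
    import sys
    import boto3  # imported here so the functions above also work with stub clients

    region = sys.argv[1]
    findings = find_unprotected_stages(
        boto3.client("apigateway", region_name=region), region)
    for arn in findings:
        print("NO WAF:", arn)
    if len(sys.argv) > 2:  # optional second argument: web ACL ARN to attach
        associate(boto3.client("wafv2", region_name=region), sys.argv[2], findings)
```

Running it again after remediation should print no "NO WAF" lines for the region.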
