API Gateway routes should specify an authorization type

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This control verifies whether Amazon API Gateway routes are configured with an authorization mechanism. The control fails if an API Gateway route lacks any form of authorization.

API Gateway offers several methods for managing and restricting access to your APIs. By setting an authorization type, you can ensure that only authorized users or systems can access your API.

Remediation

To learn how to configure authorization for HTTP APIs, review the Controlling and managing access to an HTTP API in API Gateway section in the API Gateway Developer Guide. To configure authorization for WebSocket APIs, review the Controlling and managing access to a WebSocket API in API Gateway section in the API Gateway Developer Guide.