API Gateway routes should specify an authorization type

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control verifies whether Amazon API Gateway routes are configured with an authorization mechanism. The control fails if an API Gateway route lacks any form of authorization.

API Gateway offers several methods for managing and restricting access to your APIs. By setting an authorization type, you can ensure that only authorized users or systems can access your API.

Remediation

To learn how to configure authorization for HTTP APIs, review the Controlling and managing access to an HTTP API in API Gateway section in the API Gateway Developer Guide. To configure authorization for WebSocket APIs, review the Controlling and managing access to a WebSocket API in API Gateway section in the API Gateway Developer Guide.