AWS API gateway request parameter is not validated

Description

This policy detects whether the AWS API Gateway has request validation enabled. Request validation is crucial for ensuring that the input parameters of each request to the API Gateway are properly validated, which helps prevent security vulnerabilities such as injection attacks and data breaches.

Code Example

resource "aws_api_gateway_method" "MyDemoMethod" {
  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id   = aws_api_gateway_resource.MyDemoResource.id
  http_method   = "GET"
  authorization = "NONE"
+ request_validator_id = example.id
}
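
Review bot: the added line `request_validator_id = example.id` uses `example.id`, which is not a complete Terraform resource address, so the snippet will not resolve as written. Point it at the validator resource by type and name, for example `aws_api_gateway_request_validator.example.id`, and declare that validator alongside the method.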

Remediation

Terraform

  • Resource: aws_api_gateway_method
  • Arguments: request_validator_id

To fix this issue, add the request_validator_id argument to the aws_api_gateway_method resource in your Terraform code. This argument takes the ID of a request validator (an aws_api_gateway_request_validator resource), which configures the request validation settings for the API Gateway method. Make sure to specify the required input parameters and their validation requirements.

Secure code example:
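
The following configuration is an added example, not code from the original page or from the policy's authors. It shows the method with a request validator declared and attached; the validator name, the path part and the "q" query-string parameter are assumptions chosen for illustration.

```hcl
# Added example. Names other than MyDemoAPI, MyDemoResource and MyDemoMethod
# (taken from the page) are assumptions, as is the "q" query parameter.

resource "aws_api_gateway_rest_api" "MyDemoAPI" {
  name = "MyDemoAPI"
}

resource "aws_api_gateway_resource" "MyDemoResource" {
  rest_api_id = aws_api_gateway_rest_api.MyDemoAPI.id
  parent_id   = aws_api_gateway_rest_api.MyDemoAPI.root_resource_id
  path_part   = "mydemoresource"
}

# Validator that checks required parameters and the request body
# against what the method declares.
resource "aws_api_gateway_request_validator" "example" {
  name                        = "validate-params-and-body"
  rest_api_id                 = aws_api_gateway_rest_api.MyDemoAPI.id
  validate_request_parameters = true
  validate_request_body       = true
}

resource "aws_api_gateway_method" "MyDemoMethod" {
  rest_api_id   = aws_api_gateway_rest_api.MyDemoAPI.id
  resource_id   = aws_api_gateway_resource.MyDemoResource.id
  http_method   = "GET"
  authorization = "NONE"

  # Attach the validator by its full resource address; a validator that is
  # declared but not referenced here is never applied to this method.
  request_validator_id = aws_api_gateway_request_validator.example.id

  # Mark each parameter the backend depends on as required (true) so the
  # validator has something to enforce.
  request_parameters = {
    "method.request.querystring.q" = true
  }
}
```

With this in place, API Gateway rejects a request that omits a required parameter with a 400 response before it reaches the integration.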

Rule Details

Field        Value
ID           IAC-0487
Severity     LOW
IaC Type     Terraform
Frameworks   Terraform, TerraformPlan
Checkov ID   CKV2_AWS_53