Updated on 2024-10-15 GMT+08:00

Best Practices for API Gateway

The following table describes the compliance rules and solutions in the sample template.

Table 1 Conformance package description

Rule

Cloud Service

Description

apig-instances-authorization-type-configured

apig

If a dedicated APIG gateway does not have any types of API authentication configured, this gateway is non-compliant.

apig-instances-execution-logging-enabled

apig

If logging is not enabled for a dedicated APIG gateway, this gateway is considered non-compliant.

apig-instances-ssl-enabled

apig

If no SSL certificates are attached to a dedicated APIG gateway, this gateway is considered noncompliant.