AWS config documentation change
Summary
Clarified rule applicability for SSL certificate checks in API Gateway stages
Security assessment
Improves documentation of security feature (SSL enforcement) by clarifying rule evaluation logic and scope. No evidence of fixing a specific security vulnerability.
Diff
diff --git a/config/latest/developerguide/api-gw-ssl-enabled.md b/config/latest/developerguide/api-gw-ssl-enabled.md index a0a20319a..19100f8a9 100644 --- a//config/latest/developerguide/api-gw-ssl-enabled.md +++ b//config/latest/developerguide/api-gw-ssl-enabled.md @@ -13 +13 @@ Checks if a REST API stage uses an SSL certificate. The rule is NON_COMPLIANT if -This rule returns `NOT_APPLICABLE` if the [GetIntegration](https://docs.aws.amazon.com/apigateway/latest/api/API_GetIntegration.html) API returns `AWS` as [type](https://docs.aws.amazon.com/apigateway/latest/api/API_GetIntegration.html#apigw-GetIntegration-response-type). +This rule returns `NOT_APPLICABLE` if the [GetIntegration](https://docs.aws.amazon.com/apigateway/latest/api/API_GetIntegration.html) API returns an integration type other than `HTTP` as [type](https://docs.aws.amazon.com/apigateway/latest/api/API_GetIntegration.html#apigw-GetIntegration-response-type). This rule evaluates the SSL certificate configuration in API Gateway stage settings, not the actual deployed state.