appsync-authorization-check
Checks if an AWS AppSync API is using allowed authorization mechanisms. The rule is NON_COMPLIANT if an unapproved authorization mechanism is being used.
Identifier: APPSYNC_AUTHORIZATION_CHECK
Resource Types: AWS::AppSync::GraphQLApi
Trigger type: Configuration changes
AWS Region: All supported AWS regions except US ISO West, US ISO East, Asia Pacific (Malaysia), US ISOB East, Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (Oregon), Israel (Tel Aviv), Canada West (Calgary) Region
Parameters:
- AllowedAuthorizationTypes
- Type: CSV
-
Comma-separated list of allowed AWS AppSync authorization mechanisms. Allowed values are: 'API_KEY', 'AWS_LAMBDA', 'AWS_IAM', 'OPENID_CONNECT', 'AMAZON_COGNITO_USER_POOLS'.
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.