appsync-authorization-check - AWS Config

appsync-authorization-check

Checks if an AWS AppSync API is using allowed authorization mechanisms. The rule is NON_COMPLIANT if an unapproved authorization mechanism is being used.

Identifier: APPSYNC_AUTHORIZATION_CHECK

Resource Types: AWS::AppSync::GraphQLApi

Trigger type: Configuration changes

AWS Region: All supported AWS Regions except US ISO West, US ISO East, Asia Pacific (Malaysia), US ISOB East, Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (Oregon), Israel (Tel Aviv), and Canada West (Calgary)

Parameters:

AllowedAuthorizationTypes
Type: CSV

Comma-separated list of allowed AWS AppSync authorization mechanisms. Allowed values are: 'API_KEY', 'AWS_LAMBDA', 'AWS_IAM', 'OPENID_CONNECT', 'AMAZON_COGNITO_USER_POOLS'.
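The following added example (not AWS's implementation of the managed rule) approximates the check locally, so an API description can be tested against an `AllowedAuthorizationTypes` value before deployment. It assumes the primary `authenticationType` and every entry in `additionalAuthenticationProviders` must both be in the allowed list; the function names and sample APIs are hypothetical.

```python
# Added example: local approximation of the rule's check, not AWS's implementation.
VALID_TYPES = {"API_KEY", "AWS_LAMBDA", "AWS_IAM", "OPENID_CONNECT",
               "AMAZON_COGNITO_USER_POOLS"}


def parse_allowed(csv_value):
    """Parse the AllowedAuthorizationTypes CSV, rejecting unknown values."""
    allowed = {item.strip() for item in csv_value.split(",") if item.strip()}
    unknown = allowed - VALID_TYPES
    if not allowed or unknown:
        raise ValueError(
            f"invalid AllowedAuthorizationTypes: {sorted(unknown) or 'empty'}")
    return allowed


def evaluate(api, allowed_csv):
    """Return (compliance, unapproved mechanisms) for one GraphQL API description."""
    allowed = parse_allowed(allowed_csv)
    # Primary mechanism plus any additional providers (assumption: both count).
    in_use = [api["authenticationType"]]
    in_use += [p["authenticationType"]
               for p in api.get("additionalAuthenticationProviders") or []]
    unapproved = sorted(set(in_use) - allowed)
    return ("NON_COMPLIANT" if unapproved else "COMPLIANT", unapproved)


# Constructed sample input, shaped like the graphqlApi object that the
# AppSync GetGraphqlApi operation returns.
SAMPLE_APIS = [
    {"name": "orders", "authenticationType": "AWS_IAM",
     "additionalAuthenticationProviders": [
         {"authenticationType": "AMAZON_COGNITO_USER_POOLS"}]},
    {"name": "catalog", "authenticationType": "AMAZON_COGNITO_USER_POOLS",
     "additionalAuthenticationProviders": [{"authenticationType": "API_KEY"}]},
    {"name": "legacy", "authenticationType": "API_KEY"},
]

if __name__ == "__main__":
    for api in SAMPLE_APIS:
        print(api["name"], *evaluate(api, "AWS_IAM, AMAZON_COGNITO_USER_POOLS"))
```

The `catalog` sample shows the case a review of only the primary mechanism would miss: an approved default with an `API_KEY` provider added alongside it.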

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.