Findings

AWS API Gateway not private

Updated: June 19, 2025

Description

Severity: Low

A private API Gateway is configured with an IAM policy that allows public access.

Remediation

Review and update the IAM policy attached to the API Gateway to ensure it restricts access appropriately.
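
One way to run the review described above, as an added example that is not part of the original page or the scanner's own check: a Python function that flags Allow statements with a wildcard principal unless access is pinned to a VPC or VPC endpoint. It assumes the policy is available as a parsed JSON document and that `aws:SourceVpc` and `aws:SourceVpce` are the only conditions that count as restricting; the function names, sample policies and IDs are constructed.

```python
# Added example: flag wildcard Allow statements in an API Gateway policy document.
# Assumption: only these condition keys count as pinning access to a VPC or endpoint.
NETWORK_KEYS = {"aws:sourcevpc", "aws:sourcevpce"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _pins_network(stmt, operator):
    """True if stmt applies `operator` to one of the network condition keys."""
    keys = stmt.get("Condition", {}).get(operator, {})
    return any(key.lower() in NETWORK_KEYS for key in keys)

def public_allow_statements(policy):
    """Return the Sid (or index) of each Allow statement that any caller can match."""
    stmts = [(i, s) for i, s in enumerate(_as_list(policy.get("Statement", [])))
             if _wildcard_principal(s.get("Principal"))]
    # A wildcard Deny with StringNotEquals on a network key rejects every request
    # from outside the listed VPCs/endpoints. Limitation: the Action and Resource
    # scopes of the Deny and Allow statements are not compared.
    if any(s.get("Effect") == "Deny" and _pins_network(s, "StringNotEquals")
           for _, s in stmts):
        return []
    return [s.get("Sid", f"statement[{i}]") for i, s in stmts
            if s.get("Effect") == "Allow" and not _pins_network(s, "StringEquals")]

# Constructed sample policies (placeholder account, API and endpoint IDs).
ARN = "arn:aws:execute-api:us-east-1:111122223333:abcdef1234/*"
ALLOW_ALL = {"Sid": "AllowAll", "Effect": "Allow", "Principal": "*",
             "Action": "execute-api:Invoke", "Resource": ARN}
VPCE = {"aws:SourceVpce": "vpce-0123456789abcdef0"}
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [ALLOW_ALL]}
PINNED_POLICY = {"Version": "2012-10-17", "Statement": [
    dict(ALLOW_ALL, Sid="AllowFromEndpoint", Condition={"StringEquals": VPCE})]}
GUARDED_POLICY = {"Version": "2012-10-17", "Statement": [
    ALLOW_ALL,
    dict(ALLOW_ALL, Sid="DenyOutsideEndpoint", Effect="Deny",
         Condition={"StringNotEquals": VPCE})]}

if __name__ == "__main__":
    for name, pol in [("open", OPEN_POLICY), ("pinned", PINNED_POLICY),
                      ("guarded", GUARDED_POLICY)]:
        print(name, public_allow_statements(pol))
```

An empty result means every wildcard Allow is either conditioned on a VPC or endpoint or covered by a wildcard Deny for traffic from elsewhere; any returned Sid is a statement to tighten.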
