Findings

AppSync GraphQL API is missing WAF

Updated: June 19, 2025

Description

The AWS AppSync GraphQL API has no AWS WAF web ACL associated with it. Requests therefore reach the GraphQL endpoint without passing through any WAF rules (rate-based rules, managed rule groups, IP or geo restrictions), leaving the API exposed to abusive and high-volume traffic that a web ACL could filter before it consumes resolver capacity.

Remediation

Associate an AWS WAF (WAFv2) web ACL with the AppSync GraphQL API. The web ACL must have scope REGIONAL and be created in the same region as the API; a CloudFront-scoped web ACL cannot be attached to AppSync. After association, the API's `wafWebAclArn` field (as returned by `aws appsync get-graphql-api`) should contain the web ACL ARN.
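The following is an added example, not FireTail's own code, that turns the finding and its remediation into a check you can run against `aws appsync list-graphql-apis` output: it reports APIs whose `wafWebAclArn` is absent or empty, verifies that a candidate web ACL is REGIONAL and in the API's region, and emits the `aws wafv2 associate-web-acl` call that remediates the finding. The account ID, API IDs and web ACL ARNs below are constructed sample data so the script runs offline.

```python
"""Find AWS AppSync GraphQL APIs with no AWS WAF web ACL and build the fix.

Added example (not FireTail's code). Input mirrors the `graphqlApis` array
returned by `aws appsync list-graphql-apis`; the sample below is constructed.
"""
from __future__ import annotations

import json
import shlex

# Constructed sample: account ID, API IDs and web ACL ARNs are made up.
SAMPLE_APIS = [
    {
        "apiId": "abcdefghijklmnopqrstuvwxyz",
        "name": "orders-api",
        "arn": "arn:aws:appsync:us-east-1:123456789012:apis/abcdefghijklmnopqrstuvwxyz",
        "wafWebAclArn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/appsync-acl/1111-2222",
    },
    {
        "apiId": "zyxwvutsrqponmlkjihgfedcba",
        "name": "catalog-api",
        "arn": "arn:aws:appsync:us-east-1:123456789012:apis/zyxwvutsrqponmlkjihgfedcba",
        # No wafWebAclArn key at all: the usual shape for an unprotected API.
    },
    {
        "apiId": "mmmmmmmmmmmmmmmmmmmmmmmmmm",
        "name": "legacy-api",
        "arn": "arn:aws:appsync:us-east-1:123456789012:apis/mmmmmmmmmmmmmmmmmmmmmmmmmm",
        "wafWebAclArn": "",  # Present but empty: still counts as missing.
    },
]


def apis_missing_waf(apis: list[dict]) -> list[dict]:
    """Return APIs with no associated web ACL (absent or blank wafWebAclArn)."""
    return [api for api in apis if not (api.get("wafWebAclArn") or "").strip()]


def _arn_parts(arn: str) -> tuple[str, str, str, str]:
    """Split an ARN into (service, region, account, resource)."""
    fields = arn.split(":", 5)
    if len(fields) != 6 or fields[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return fields[2], fields[3], fields[4], fields[5]


def web_acl_problem(api_arn: str, web_acl_arn: str) -> str | None:
    """Explain why a web ACL cannot be associated with the API, or None if it can.

    AppSync is regional: the web ACL must be a WAFv2 REGIONAL web ACL in the
    same region as the API. CloudFront-scoped (global) web ACLs are rejected.
    """
    api_service, api_region, _, api_resource = _arn_parts(api_arn)
    acl_service, acl_region, _, acl_resource = _arn_parts(web_acl_arn)
    if api_service != "appsync" or not api_resource.startswith("apis/"):
        return "resource is not an AppSync GraphQL API"
    if acl_service != "wafv2":
        return "web ACL must be a WAFv2 ARN (classic WAF is not supported here)"
    if not acl_resource.startswith("regional/webacl/"):
        return "web ACL scope must be REGIONAL, not CloudFront/global"
    if acl_region != api_region:
        return f"web ACL is in {acl_region} but the API is in {api_region}"
    return None


def associate_web_acl_command(api_arn: str, web_acl_arn: str) -> str:
    """Build the AWS CLI command that remediates the finding."""
    problem = web_acl_problem(api_arn, web_acl_arn)
    if problem:
        raise ValueError(problem)
    return (
        "aws wafv2 associate-web-acl "
        f"--web-acl-arn {shlex.quote(web_acl_arn)} "
        f"--resource-arn {shlex.quote(api_arn)}"
    )


def remediation_plan(apis: list[dict], web_acl_arn: str) -> list[tuple[str, str]]:
    """Pair each unprotected API name with the command that fixes it."""
    return [(api["name"], associate_web_acl_command(api["arn"], web_acl_arn))
            for api in apis_missing_waf(apis)]


if __name__ == "__main__":
    # In practice: apis = json.load(sys.stdin)["graphqlApis"] fed from
    # `aws appsync list-graphql-apis`; here the constructed sample is used.
    acl = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/appsync-acl/1111-2222"
    print(json.dumps([a["name"] for a in apis_missing_waf(SAMPLE_APIS)]))
    for name, cmd in remediation_plan(SAMPLE_APIS, acl):
        print(f"# {name}\n{cmd}")
```

`apis_missing_waf` treats a blank `wafWebAclArn` the same as a missing key, because both mean no web ACL is enforced; the scope and region checks in `web_acl_problem` catch the two association errors that the `associate-web-acl` call would otherwise only report at runtime.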

Security Frameworks

NIST SP 800-53 Rev. 5 AC-4(21), Physical or Logical Separation of Information Flows: Separate information flows logically or physically using [Assignment: organization-defined mechanisms and/or techniques] to accomplish [Assignment: organization-defined required separations by types of information].

NIST SP 800-53 Rev. 5 CA-9(1), Compliance Checks: Perform security and privacy compliance checks on constituent system components prior to the establishment of the internal connection.

NIST SP 800-53 Rev. 5 CM-2, Baseline Configuration:

  a. Develop, document, and maintain under configuration control, a current baseline configuration of the system; and
  b. Review and update the baseline configuration of the system:
     1. [Assignment: organization-defined frequency];
     2. When required due to [Assignment: organization-defined circumstances]; and
     3. When system components are installed or upgraded.

Need help?

Contact FireTail support
