Severity Framework: Snyk CCSS
Rule category: IAM / Access Control
- Snyk ID SNYK-CC-00732
- credit Snyk Research Team
Description
Basic authentication should be enabled for all Amplify apps to ensure secure access control. Without basic authentication, unauthorized users may be able to access sensitive resources and perform malicious activities. Enabling basic authentication adds an extra layer of security by requiring users to provide valid credentials before accessing the app. This helps prevent unauthorized access and protects sensitive data from potential threats.
How to fix?
Set the enable_basic_auth attribute to true for the resource aws_amplify_app.
Example Configuration
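resource "aws_amplify_app" "example-allow1" {
  name = "allow1"

  # Require HTTP basic authentication for the app
  enable_basic_auth = true

  # Placeholder credentials for this example; do not commit real ones in plain text
  basic_auth_credentials = base64encode("username1:password1")
}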
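
One way to check this rule before apply, as an added example (not Snyk's rule implementation and not code from this page): a Python scan of `terraform show -json` plan output that reports every aws_amplify_app resource whose enable_basic_auth is not true, including resources in child modules. The sample plan and the names example-deny1, module.web and aws_s3_bucket.assets are constructed for illustration.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output (not from the page):
# one compliant app and two non-compliant ones, one of them inside a child module.
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_amplify_app.example-allow1", "type": "aws_amplify_app",
         "values": {"name": "allow1", "enable_basic_auth": true}},
        {"address": "aws_amplify_app.example-deny1", "type": "aws_amplify_app",
         "values": {"name": "deny1", "enable_basic_auth": false}},
        {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket", "values": {}}
      ],
      "child_modules": [
        {"address": "module.web",
         "resources": [
           {"address": "module.web.aws_amplify_app.site", "type": "aws_amplify_app",
            "values": {"name": "site"}}
         ]}
      ]
    }
  }
}
""")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def amplify_apps_without_basic_auth(plan):
    """Return addresses of aws_amplify_app resources where enable_basic_auth is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_amplify_app":
            continue
        # An absent or null attribute is treated as not enabled.
        if (res.get("values") or {}).get("enable_basic_auth") is not True:
            findings.append(res["address"])
    return findings


if __name__ == "__main__":
    for address in amplify_apps_without_basic_auth(SAMPLE_PLAN):
        print(f"FAIL {address}: enable_basic_auth is not true")
```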