API Gateway authorizer caching TTL is not configured Affecting API Gateway (REST APIs) service in AWS
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00771
- creditSnyk Research Team
Description
Disabling the TTL for API Gateway Authorizer caching can lead to increased latency and higher load on the authorizer's Lambda function, potentially impacting performance and cost. Without TTL, each request requires a fresh authorization decision, which can also increase the risk of rate-limiting and reduce the overall availability of the service.
How to fix?
Set the authorizer_result_ttl_in_seconds attribute in a aws_apigatewayv2_authorizer or a aws_api_gateway_authorizer resource to a value greater than 0.
Example Configuration
resource "aws_apigatewayv2_authorizer" "allowed1" {
api_id = aws_apigatewayv2_api.api.id
authorizer_type = "REQUEST"
authorizer_uri = aws_lambda_function.lambda.invoke_arn
authorizer_result_ttl_in_seconds = 500
identity_sources = [","]
authorizer_payload_format_version = "1.0"
name = "authorizer"
}
Or
resource "aws_api_gateway_authorizer" "allowed1" {
rest_api_id = aws_api_gateway_authorizer.api.id
type = "REQUEST"
authorizer_uri = aws_lambda_function.lambda.invoke_arn
authorizer_result_ttl_in_seconds = 500
name = "authorizer"
}