{"results":[{"id":"access-analyzer-start-resource-scan-empty-response","text":"`StartResourceScan` returns HTTP 200 with no body on success — scan results must be retrieved separately via findings APIs (`ListFindings`/`GetFinding`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"access-analyzer-start-resource-scan-external-only","text":"The `StartResourceScan` API action in IAM Access Analyzer works only with external access analyzers — not unused access analyzers or other analyzer types.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acm-certificates-are-regional","text":"ACM certificates are regional resources — you cannot copy a certificate between regions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acm-no-additional-charge","text":"ACM itself is free — there is no additional charge for SSL/TLS certificate management; you only pay for underlying AWS resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"administrator-access-policy-wildcard-action-resource","text":"The AdministratorAccess managed policy uses `\"Action\": \"*\"` and `\"Resource\": \"*\"` in a single Allow statement, granting unrestricted access to every AWS API on every resource.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-account-resource-one-per-region","text":"The `AWS::ApiGateway::Account` CloudFormation resource configures the IAM role API Gateway uses to write CloudWatch logs, and is configured once per region.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-rest-api-minimum-five-resources","text":"A CloudFormation REST API deployment requires at minimum five resource types: RestApi, Resource, Method, Deployment, and Stage.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-rest-api-only-features","text":"REST APIs exclusively support: API keys, per-client throttling, request validation, WAF integration, caching, canary releases, private endpoints, edge-optimized endpoints, mock integrations, X-Ray tracing, execution logs, and resource policies.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-usage-plan-apikey-three-resources","text":"API Gateway throttling and quota control uses three resources together: UsagePlan (throttle/quota limits), ApiKey (credential), and UsagePlanKey (association between them).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigateway-vpclink-requires-nlb","text":"API Gateway VpcLink connects REST APIs to private VPC resources via Network Load Balancers (NLB) — required for private integrations.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-aws-config-four-resource-types","text":"AWS Config supports four API Gateway resource types: `AWS::ApiGateway::RestApi`, `AWS::ApiGateway::Stage`, `AWS::ApiGatewayV2::Api`, and `AWS::ApiGatewayV2::Stage`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-cleanup-four-resources","text":"Cleaning up a Lambda-backed API Gateway setup requires deleting four separate resources: the API, the Lambda function, the CloudWatch log group, and the IAM execution role.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-http-api-integration-targets","text":"HTTP APIs support integrations with Lambda, HTTP endpoints, private VPC resources, and AWS services (SQS, Step Functions, Kinesis).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-proxy-resource-greedy-path-any-method","text":"A proxy resource uses a greedy path variable `{proxy+}` with the `ANY` method to catch all sub-paths and HTTP verbs with a single integration; `HTTP_PROXY` passes through without transformation, `AWS_PROXY` uses a default mapping template for Lambda.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-rest-api-six-access-control-mechanisms","text":"API Gateway REST APIs support six access control mechanisms: resource policies, IAM roles/policies, IAM tags, Lambda authorizers, Cognito user pools, and VPC endpoint policies.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-three-api-types","text":"API Gateway supports three API types: REST API (resources + methods), HTTP API (routes + methods, simpler/cheaper), and WebSocket API (routes + route keys, persistent connections).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apigw-waf-evaluated-first-before-all-auth","text":"AWS WAF is evaluated first in the API Gateway access control chain — before resource policies, IAM policies, Lambda authorizers, and Cognito authorizers; if WAF blocks, nothing else is evaluated.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"app-autoscaling-custom-resources-supported","text":"Application Auto Scaling can scale custom resources via the `aws-auto-scaling-custom-resource` GitHub framework.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"app-autoscaling-not-for-ec2-instances","text":"Application Auto Scaling handles non-EC2 resources (DynamoDB, ECS, Lambda, Aurora, ElastiCache, etc.); EC2 Auto Scaling handles EC2 instance fleets via Auto Scaling groups.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"appconfig-data-event-resource-type","text":"AppConfig data events use `AWS::AppConfig::Configuration` as the `resources.type` value in CloudTrail advanced event selectors.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":271,"limit":20,"offset":0}