[APIGateway.3]
API Gateway REST API stages should have AWS X-Ray tracing enabled
Description
All stages of an API Gateway REST API must have X-Ray active tracing enabled. X-Ray tracing provides real-time metrics of user requests to your API and enables you to respond faster to performance changes. To make this rule COMPLIANT, you must set the TracingEnabled parameter to true.
Details
Property | Value |
---|---|
Category | Detect > Detection Services |
Compliance Control ID | APIGateway.3 |
FortifyFox ID | FF100059 |
Link | APIGateway.3 Compliance |
Resource Type(s) | AWS::ApiGateway::Stage, AWS::ApiGateway::Deployment |
Severity | Low |
Remediation
Use the following CloudFormation templates to deploy a REST API stage that is compliant with APIGateway.3:
YAML Template
Resources:
  restAPI:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref Your_API_ID
      TracingEnabled: true
JSON Template
{
  "Resources": {
    "restAPI": {
      "Type": "AWS::ApiGateway::Stage",
      "Properties": {
        "RestApiId": {
          "Ref": "Your_API_ID"
        },
        "TracingEnabled": true
      }
    }
  }
}
You will need to replace Your_API_ID with the ID of your REST API.
📓 Notes
- An API Gateway REST API can also be deployed using AWS::ApiGateway::Deployment as the resource. You can configure the TracingEnabled property in the StageDescription to specify whether active tracing with X-Ray is enabled for the stage. Use the following templates to achieve that:
YAML Template
Resources:
  restAPI:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId: !Ref Your_API_ID
      StageDescription:
        TracingEnabled: true
JSON Template
{
  "Resources": {
    "restAPI": {
      "Type": "AWS::ApiGateway::Deployment",
      "Properties": {
        "RestApiId": {
          "Ref": "Your_API_ID"
        },
        "StageDescription": {
          "TracingEnabled": true
        }
      }
    }
  }
}
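The same condition can be checked against a JSON template before it is deployed. The script below is an added example, not code from this page or from AWS; `check_tracing`, `_is_true` and the sample resource names are hypothetical. It assumes that a missing or unresolvable TracingEnabled counts as not enabled, and that a Deployment is judged only by StageDescription.TracingEnabled.

```python
import json

# Constructed sample template (not from the page): a traced Stage, a Stage that
# omits TracingEnabled, a Deployment using a string boolean, an unrelated bucket.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "tracedStage": {"Type": "AWS::ApiGateway::Stage",
    "Properties": {"RestApiId": {"Ref": "Your_API_ID"}, "TracingEnabled": true}},
  "untracedStage": {"Type": "AWS::ApiGateway::Stage",
    "Properties": {"RestApiId": {"Ref": "Your_API_ID"}}},
  "deployment": {"Type": "AWS::ApiGateway::Deployment",
    "Properties": {"RestApiId": {"Ref": "Your_API_ID"},
                   "StageDescription": {"TracingEnabled": "true"}}},
  "bucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def _is_true(value):
    # CloudFormation accepts booleans written as strings. Intrinsic functions
    # (dicts such as {"Ref": ...}) cannot be resolved offline: treated as not enabled.
    return value is True or (isinstance(value, str) and value.lower() == "true")


def check_tracing(template):
    """Return {logical_id: "COMPLIANT" | "NON_COMPLIANT"} for in-scope resources."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties") or {}
        rtype = resource.get("Type")
        if rtype == "AWS::ApiGateway::Stage":
            value = props.get("TracingEnabled")
        elif rtype == "AWS::ApiGateway::Deployment":
            # Assumption: a Deployment is judged only by StageDescription.TracingEnabled.
            value = (props.get("StageDescription") or {}).get("TracingEnabled")
        else:
            continue  # resource type not covered by APIGateway.3
        results[logical_id] = "COMPLIANT" if _is_true(value) else "NON_COMPLIANT"
    return results


if __name__ == "__main__":
    for name, status in check_tracing(SAMPLE_TEMPLATE).items():
        print(f"{name}: {status}")
```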