Ensure logging is enabled for AWS API Gateway Method Settings

MEDIUM

Description

API Gateway REST or WebSocket API stages do not have execution logging enabled, so requests handled by the stage are not recorded in CloudWatch Logs. Without these logs, incident response, abuse investigation and troubleshooting of failing requests are significantly harder.

Remediation

In AWS Console -

  1. Go to the API Gateway console.
  2. Select the REST API.
  3. Select Stages and choose the stage to change.
  4. In the stage settings, open the Logs/Tracing tab.
  5. Under CloudWatch Settings, choose Enable CloudWatch Logs.
  6. Choose Error or Info as the log level from the dropdown menu. (API Gateway can only write to CloudWatch Logs if a CloudWatch Logs role ARN has been set in the account-level API Gateway settings.)

In Terraform -

  1. In the aws_api_gateway_method_settings resource, set 'settings.logging_level' to "INFO" or "ERROR" (the default, "OFF", fails this rule). Execution logging also requires an aws_api_gateway_account resource with a 'cloudwatch_role_arn' that API Gateway can assume to push logs to CloudWatch.
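The following Terraform configuration is an added example that is not part of the original remediation text; the resource names (example-api, the "ping" route, the "prod" stage and the apigw-cloudwatch-logs role) are assumed for illustration. It shows the account-level CloudWatch Logs role that execution logging depends on, a minimal REST API stage, and the aws_api_gateway_method_settings resource that satisfies this rule next to the setting that would fail it.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region for the example
}

# Account-level prerequisite: API Gateway can only push execution logs to
# CloudWatch if the account has a CloudWatch Logs role configured.
resource "aws_iam_role" "apigw_cloudwatch" {
  name = "apigw-cloudwatch-logs" # assumed name
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "apigateway.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# AWS managed policy granting only the log-push permissions API Gateway needs.
resource "aws_iam_role_policy_attachment" "apigw_cloudwatch" {
  role       = aws_iam_role.apigw_cloudwatch.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
}

resource "aws_api_gateway_account" "this" {
  cloudwatch_role_arn = aws_iam_role.apigw_cloudwatch.arn
}

# Minimal REST API with one MOCK-backed route so a deployment can be created.
resource "aws_api_gateway_rest_api" "example" {
  name = "example-api" # assumed name
}

resource "aws_api_gateway_resource" "ping" {
  rest_api_id = aws_api_gateway_rest_api.example.id
  parent_id   = aws_api_gateway_rest_api.example.root_resource_id
  path_part   = "ping"
}

resource "aws_api_gateway_method" "ping" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  resource_id   = aws_api_gateway_resource.ping.id
  http_method   = "GET"
  authorization = "NONE" # unauthenticated only because this is a MOCK demo route
}

resource "aws_api_gateway_integration" "ping" {
  rest_api_id = aws_api_gateway_rest_api.example.id
  resource_id = aws_api_gateway_resource.ping.id
  http_method = aws_api_gateway_method.ping.http_method
  type        = "MOCK"
}

resource "aws_api_gateway_deployment" "example" {
  rest_api_id = aws_api_gateway_rest_api.example.id
  depends_on  = [aws_api_gateway_integration.ping]
}

resource "aws_api_gateway_stage" "prod" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  deployment_id = aws_api_gateway_deployment.example.id
  stage_name    = "prod"
}

# FAILS the rule: logging_level = "OFF" (also the effective default when the
# block is omitted), so no execution logs reach CloudWatch.
#
# resource "aws_api_gateway_method_settings" "noncompliant" {
#   rest_api_id = aws_api_gateway_rest_api.example.id
#   stage_name  = aws_api_gateway_stage.prod.stage_name
#   method_path = "*/*"
#   settings {
#     logging_level = "OFF"
#   }
# }

# PASSES the rule: INFO (or ERROR) execution logging for every method in the stage.
resource "aws_api_gateway_method_settings" "all_methods" {
  rest_api_id = aws_api_gateway_rest_api.example.id
  stage_name  = aws_api_gateway_stage.prod.stage_name
  method_path = "*/*" # apply to every resource and method in the stage

  settings {
    logging_level      = "INFO"  # "ERROR" also satisfies the rule; "OFF" does not
    metrics_enabled    = true    # per-method CloudWatch metrics for alerting
    data_trace_enabled = false   # full request/response bodies can expose secrets and PII; keep off in production
  }

  # Logging silently does nothing until the account-level role exists.
  depends_on = [aws_api_gateway_account.this]
}
```

Using method_path = "*/*" applies the setting to all methods in the stage; a path such as "ping/GET" would scope it to one method, which is rarely what an audit wants. Keep data_trace_enabled off unless you are actively debugging, since it writes complete request and response payloads to CloudWatch Logs.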

References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/security-monitoring.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#logging_level

Policy Details

Rule Reference ID: AC_AWS_0395
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Gateway

Frameworks