Ensure active tracing is enabled for AWS API Gateway Stage

LOW

Description

Active tracing (AWS X-Ray) is disabled for the AWS API Gateway stage. Without it, debugging and auditing requests through the API can be challenging.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the API Gateway console.
  2. Select an API.
  3. Select a stage.
  4. On the Logs/Tracing tab, select Enable X-Ray Tracing and then select Save Changes.
  5. Select Resources in the left side navigation panel.
  6. To redeploy the API with the new settings, select the Actions dropdown, and then select Deploy API.

In Terraform -

  1. In the aws_api_gateway_stage resource, set the attribute 'xray_tracing_enabled' to 'true'.

References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage#xray_tracing_enabled

Policy Details

Rule Reference ID: AC_AWS_0400
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Gateway

Frameworks