Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: API Gateway REST API stages should have AWS X-Ray tracing enabled

This rule ensures enabling AWS X-Ray tracing for API Gateway REST API stages.

RuleAPI Gateway REST API stages should have AWS X-Ray tracing enabled
FrameworkAWS Foundational Security Best Practices
Severity
Low

Rule Description:

API Gateway is a service provided by AWS that allows you to create, publish, and manage your own APIs. AWS X-Ray is a distributed tracing tool that helps you analyze and debug production applications, such as REST APIs, that are running in AWS. Enabling X-Ray tracing for API Gateway REST API stages ensures that you can accurately trace and track requests as they flow through your API, helping you identify and diagnose performance issues or potential security risks more effectively.

Troubleshooting Steps:

If X-Ray tracing is not enabled for your API Gateway REST API stages, you can follow these steps to troubleshoot and enable it:

  2. 1.

    Check API Gateway Stage Configuration: Ensure that you have the necessary permissions to modify API Gateway resources and check the stage configuration. Specifically, verify that the tracing setting for the stage is not set to "None" or "PassThrough."

  4. 2.

    Enable X-Ray Tracing: To enable X-Ray tracing for your API Gateway REST API stage, you can use the AWS Command Line Interface (CLI) or AWS Management Console.

    • CLI Command: Use the following AWS CLI command to enable X-Ray tracing for a specific stage:

      aws apigateway update-stage --rest-api-id <REST_API_ID> --stage-name <STAGE_NAME> --patch-operations op=replace,path=/tracingEnabled,value=true

      Replace 

      <REST_API_ID>
      with the ID of your REST API and 
      <STAGE_NAME>
      with the name of your stage.

    • AWS Management Console:

      • Go to the AWS Management Console and open the API Gateway service.
      • Find your API and navigate to the Stages section.
      • Select the desired stage and click on the "Settings" tab.
      • Under "Tracing," select "Enable X-Ray Tracing" and save the changes.
  6. 3.

    Verify X-Ray Integration: Once the X-Ray tracing is enabled, you can verify if it is functioning correctly by following these steps:

    • Generate requests to your API Gateway REST API using the appropriate tools or clients.
    • Open the X-Ray service in the AWS Management Console.
    • Go to the "Traces" section and search for traces related to your API Gateway REST API.
    • Check if the tracing information, including traces, segments, and subsegments, are appearing in X-Ray.

Necessary Codes:

No specific code is required to enable X-Ray tracing for API Gateway REST API stages. Instead, you can use the provided CLI command or AWS Management Console instructions as mentioned in the Troubleshooting Steps section.

Step-by-Step Guide for Remediation:

To enable AWS X-Ray tracing for your API Gateway REST API stages, follow these steps:

  2. 1.

    Check Stage Configuration:

    • Ensure you have the necessary permissions to manage API Gateway stages.
    • Open the AWS Management Console and navigate to the API Gateway service.
    • Locate your target API and click on its name to access the API details.
  4. 2.

    Access Stage Settings:

    • In the API details page, find the "Stages" section and select the appropriate stage where you want to enable X-Ray tracing.
    • Click on the stage name to access its configurations.
  6. 3.

    Enable X-Ray Tracing:

    • In the Stage configuration page, navigate to the "Settings" tab.
    • Locate the "Tracing" section and check if it is currently set to "None" or "PassThrough."
    • Change the tracing setting to "Enable X-Ray Tracing" if it is not already selected.
  8. 4.

    Save Changes:

    • After enabling X-Ray tracing, click on the "Save Changes" button to apply the configuration.
  10. 5.

    Verify X-Ray Integration:

    • Generate requests to your API Gateway REST API using tools or clients.
    • Open the AWS Management Console and go to the X-Ray service.
    • Access the "Traces" section and search for traces related to your API Gateway REST API.
    • Verify that the tracing information, including traces, segments, and subsegments, are appearing correctly.

By following these steps, you will ensure that X-Ray tracing is enabled and functioning for your API Gateway REST API stages, adhering to the AWS Foundational Security Best Practices.

Is your System Free of Underlying Vulnerabilities?
Find Out Now