
Rule: API Gateway Stage Cache Encryption at Rest Should Be Enabled

This rule checks that encryption at rest is enabled for the API Gateway stage cache, so that cached API responses are not stored in clear text.

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: NIST 800-171 Revision 2
Severity: Medium

API Gateway Stage Cache Encryption at Rest

Description:

The stage cache is an optional, provisioned cache on a REST API stage that serves repeated requests to the API's resources and methods without invoking the backend. Cached responses can contain the same sensitive data the backend returns, so API Gateway offers a per-method setting ("Encrypt cache data" in the console, cacheDataEncrypted in the API) that encrypts cached data at rest. Enabling it protects cached responses from being read if the underlying cache storage is accessed outside the API, and is expected where NIST 800-171 Revision 2 applies (requirement 3.13.16, protect the confidentiality of CUI at rest). Two points matter in practice: the setting is inherited from the stage-wide default but can be overridden per method, so a single method override can leave its responses unencrypted; and HTTP APIs and WebSocket APIs have no stage cache, so this rule applies only to REST API stages.

Troubleshooting Steps:

If encryption at rest is not enabled for the API Gateway stage cache, cached responses may be readable by anyone who gains access to the cache storage. To troubleshoot this, follow the steps below:

  1. Retrieve the current configuration of the stage, for example with "aws apigateway get-stage --rest-api-id <api-id> --stage-name <stage>".
  2. Check whether a cache cluster is provisioned (cacheClusterEnabled) and, for every entry under methodSettings that has cachingEnabled set to true (the stage-wide "*/*" default as well as any per-method override such as "~1pets/GET"), whether cacheDataEncrypted is also true.
  3. If any cached method is not encrypted, enable encryption for it as described in the remediation section below. A stage with no cache cluster caches nothing and produces no finding.

Necessary Code:

Cache encryption is not enabled by default. In CloudFormation it is set per method in the MethodSettings of an AWS::ApiGateway::Stage resource (the REST API stage type; AWS::ApiGatewayV2::Stage is for HTTP and WebSocket APIs, which have no cache), together with the cache cluster that makes caching possible at all. Below is an example stage that enables caching for every method with encrypted cache data; the RestApiId and DeploymentId references are placeholders for the template's own RestApi and Deployment resources:

Stage:
  Type: AWS::ApiGateway::Stage
  Properties:
    RestApiId: !Ref MyRestApi          # assumed AWS::ApiGateway::RestApi resource
    DeploymentId: !Ref MyDeployment    # assumed AWS::ApiGateway::Deployment resource
    StageName: prod
    CacheClusterEnabled: true          # provisions the stage cache cluster
    CacheClusterSize: '0.5'            # cache capacity in GB
    MethodSettings:
      - ResourcePath: '/*'             # stage-wide default for every resource
        HttpMethod: '*'                # and every method
        CachingEnabled: true
        CacheTtlInSeconds: 300
        CacheDataEncrypted: true       # encrypts cached responses at rest

Any additional MethodSettings entry that overrides a specific ResourcePath and HttpMethod with CachingEnabled: true must also set CacheDataEncrypted: true, otherwise that method's cached responses remain unencrypted.

Step by Step Guide for Remediation:

Follow the steps below to enable encryption at rest for the API Gateway stage cache:

  1. Navigate to the AWS Management Console and open the Amazon API Gateway service.
  2. Choose the REST API you want to enable stage cache encryption for.
  3. In the left navigation pane, select the "Stages" option.
  4. Choose the appropriate stage from the list.
  5. In the stage settings, locate the "Cache settings" section and edit it.
  6. Ensure that the option that provisions the API cache ("Enable cache" or "Provision API cache", depending on the console version) is selected.
  7. Verify that the "Cache capacity" and "TTL" settings are configured appropriately for your workload.
  8. Select the "Encrypt cache data" option and save the changes. This sets the stage-wide default; any per-method override that enables caching has its own "Encrypt cache data" setting, which must be enabled as well.
  9. Verify the result, for example by running "aws apigateway get-stage" for the stage and checking that every method setting with cachingEnabled true also has cacheDataEncrypted true.

The same change can be made from the CLI without the console:

aws apigateway update-stage --rest-api-id <api-id> --stage-name <stage> --patch-operations 'op=replace,path=/*/*/caching/dataEncrypted,value=true'

Note: The exact steps and labels may vary depending on the AWS Management Console's interface updates.
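As an added example (not part of the Cloud Defense rule and not AWS tooling), the following Python covers both the check in the troubleshooting steps and the remediation above. It audits a stage description of the kind that "aws apigateway get-stage" or the boto3 get_stage() call returns, lists every cached method whose data is not encrypted, builds the patch operations that update_stage() expects, and applies them through a client supplied by the caller. The sample stage, its method paths and the API ID are constructed placeholders; the sample deliberately has a compliant stage-wide default and a non-compliant per-method override, the case the console steps warn about.

```python
"""Audit and remediate cache encryption on an API Gateway REST stage.

Added example, not Cloud Defense or AWS code. Input is the dict returned
by boto3 apigateway get_stage() (same shape as `aws apigateway get-stage`).
"""
from __future__ import annotations

# Constructed sample stage: cache cluster on, stage-wide default ("*/*")
# encrypts cache data, but a per-method override for GET /pets does not.
# Keys under methodSettings are "<resourcePath>/<httpMethod>" with "/" in
# the resource path escaped as "~1".
SAMPLE_STAGE = {
    "stageName": "prod",
    "cacheClusterEnabled": True,
    "cacheClusterSize": "0.5",
    "methodSettings": {
        "*/*": {"cachingEnabled": True, "cacheTtlInSeconds": 300,
                "cacheDataEncrypted": True},
        "~1pets/GET": {"cachingEnabled": True, "cacheTtlInSeconds": 60,
                       "cacheDataEncrypted": False},
        "~1health/GET": {"cachingEnabled": False},
    },
}


def unencrypted_cached_methods(stage: dict) -> list[str]:
    """Return methodSettings keys that cache responses without encryption.

    A stage with no cache cluster caches nothing, so it yields no findings
    even if a method setting says cachingEnabled.
    """
    if not stage.get("cacheClusterEnabled"):
        return []
    return [
        key
        for key, settings in stage.get("methodSettings", {}).items()
        if settings.get("cachingEnabled") and not settings.get("cacheDataEncrypted")
    ]


def remediation_patch_ops(stage: dict) -> list[dict]:
    """Build update_stage() patch operations that turn on cache encryption.

    The patch path is "/<resourcePath>/<httpMethod>/caching/dataEncrypted";
    the methodSettings key is already in that escaped form, so the path is
    the key with a leading slash. Patch values are strings.
    """
    return [
        {"op": "replace", "path": f"/{key}/caching/dataEncrypted", "value": "true"}
        for key in unencrypted_cached_methods(stage)
    ]


def remediate(rest_api_id: str, stage_name: str, client) -> list[dict]:
    """Audit a live stage and apply the fix; returns the operations applied.

    `client` is a boto3 apigateway client (or any object with the same
    get_stage/update_stage methods, e.g. a recorder for a dry run).
    """
    stage = client.get_stage(restApiId=rest_api_id, stageName=stage_name)
    ops = remediation_patch_ops(stage)
    if ops:
        client.update_stage(restApiId=rest_api_id, stageName=stage_name,
                            patchOperations=ops)
    return ops


if __name__ == "__main__":
    import json
    print("non-compliant method settings:", unencrypted_cached_methods(SAMPLE_STAGE))
    print(json.dumps(remediation_patch_ops(SAMPLE_STAGE), indent=2))
```

Against a real account, call remediate("<api-id>", "<stage>", boto3.client("apigateway")); to see what would change first, pass an object whose update_stage() only records its arguments. Rerunning the audit afterwards should return an empty list.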
