Rule: API Gateway Stage Cache Encryption at Rest Should Be Enabled

This rule checks if encryption at rest is enabled for API Gateway stage cache, with a focus on data protection.

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

This rule requires enabling encryption at rest for the cache in API Gateway stages, in compliance with NIST 800-53 Revision 5.

Troubleshooting Steps

If encryption at rest is not enabled for the cache in API Gateway stages, follow the steps below to troubleshoot and implement the necessary changes:

  1. Identify the stages in your API Gateway deployment that have caching enabled.
  2. Check the current encryption settings for the cache in each of these stages.
  3. If encryption at rest is not enabled or configured correctly, follow the remediation steps provided below.
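
One way to carry out steps 1 and 2 from saved CLI output, as an added example that is not part of the original rule page or AWS's own code: it parses the JSON printed by `aws apigateway get-stages` and lists the method settings that cache responses without encryption. The sample JSON is constructed and the function name is hypothetical.

```python
import json

# Constructed sample in the shape printed by
# `aws apigateway get-stages --rest-api-id <rest_api_id>`; all values are made up.
SAMPLE_GET_STAGES = """
{
  "item": [
    {"stageName": "prod", "cacheClusterEnabled": true,
     "methodSettings": {
       "*/*": {"cachingEnabled": true, "cacheDataEncrypted": false},
       "~1orders/GET": {"cachingEnabled": true, "cacheDataEncrypted": true}}},
    {"stageName": "staging", "cacheClusterEnabled": true,
     "methodSettings": {
       "*/*": {"cachingEnabled": true, "cacheDataEncrypted": true}}},
    {"stageName": "dev", "cacheClusterEnabled": false, "methodSettings": {}}
  ]
}
"""


def find_unencrypted_caches(get_stages_json):
    """Return (stage, method_key) pairs that cache responses without encryption.

    A stage is examined only when its cache cluster is enabled. Within it, a
    method setting is flagged when cachingEnabled is true and
    cacheDataEncrypted is missing or false. Method keys are treated as opaque.
    """
    findings = []
    for stage in json.loads(get_stages_json).get("item", []):
        if not stage.get("cacheClusterEnabled", False):
            continue  # no cache cluster, so nothing is stored at rest
        for key, settings in sorted(stage.get("methodSettings", {}).items()):
            if settings.get("cachingEnabled") and not settings.get("cacheDataEncrypted"):
                findings.append((stage["stageName"], key))
    return findings


if __name__ == "__main__":
    for stage_name, method_key in find_unencrypted_caches(SAMPLE_GET_STAGES):
        print(f"NON-COMPLIANT stage={stage_name} method-setting={method_key}")
```
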

Remediation

To enable encryption at rest for the cache in API Gateway stages, follow the step-by-step guide below:

API Gateway Console

  1. Open the API Gateway console.
  2. Select the API Gateway instance and stage that you want to configure.
  3. In the left navigation pane, click on the "Caching" tab.
  4. Under the "Caching Settings" section, locate the option for "Encryption at Rest".
  5. Enable the encryption by ticking the checkbox or selecting the appropriate encryption method.
  6. Save the changes.

AWS CLI

  1. Open a command-line interface (CLI) tool.
  2. Run the following command to enable encryption at rest for the cache in API Gateway stages:

    aws apigateway update-stage --rest-api-id <rest_api_id> --stage-name <stage_name> --patch-operations 'op=replace,path=/*/*/caching/dataEncrypted,value=true'

Note: Replace <rest_api_id> with the unique identifier of your API Gateway instance, and <stage_name> with the name of the stage you want to configure. The path prefix /*/* applies the setting to all methods in the stage.

  3. Verify that the encryption at rest has been enabled by checking the API Gateway stage settings.

Conclusion

By following the above steps, you have enabled encryption at rest for the cache in API Gateway stages, ensuring compliance with NIST 800-53 Revision 5. Regularly review and test the encryption settings to maintain the security of your API Gateway deployment.
