This rule ensures encryption at rest is enabled for the API Gateway stage cache.
Rule | API Gateway stage cache encryption at rest should be enabled |
Framework | CISA-cyber-essentials |
Severity | ✔ Medium |
Rule Description
Under the CISA-cyber-essentials framework, encryption at rest should be enabled for the API Gateway stage cache. This rule ensures that API responses cached in an API Gateway stage are encrypted at rest, in compliance with the security standards set by CISA (Cybersecurity and Infrastructure Security Agency).
When cache encryption at rest is enabled, API Gateway stores all cached data, including API responses, in encrypted form. This helps protect sensitive information from unauthorized access and ensures compliance with CISA-cyber-essentials requirements.
Troubleshooting Steps
If encryption at rest is not enabled for the API Gateway stage cache, you may encounter the following issues:
To troubleshoot and enable cache encryption at rest, follow the steps below.
Necessary Codes (if applicable)
No specific code is required for this rule. The configuration can be done through the AWS Management Console or the AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation
To enable API Gateway stage cache encryption at rest for CISA-cyber-essentials, follow these steps:
Step 1: Access the AWS Management Console
Step 2: Navigate to API Gateway
Step 3: Select the API Gateway
Step 4: Open the Stages Configuration
Step 5: Select the Stage
Step 6: Configure Cache Encryption At Rest
In the selected stage configuration, click on the "Settings" tab.
Scroll down to the "Caching" section.
Enable the "Encrypt cache data at rest" option.
Click on the "Save Changes" button to save the updated configuration.
Step 7: Verify Configuration
After saving the changes, verify the cache encryption at rest configuration by performing the following steps:
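One way to check a stage from the CLI side and build the matching change, as an added example that is not part of the original guide: it reads the JSON returned by `aws apigateway get-stage`, lists method settings that cache without encryption, and produces the `aws apigateway update-stage` command that sets `/caching/dataEncrypted` to true. The stage data and the `REST_API_ID` placeholder are constructed, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample in the shape of `aws apigateway get-stage` output.
SAMPLE_STAGE = json.loads("""
{
  "stageName": "prod",
  "cacheClusterEnabled": true,
  "methodSettings": {
    "*/*": {"cachingEnabled": true, "cacheDataEncrypted": false},
    "~1orders/GET": {"cachingEnabled": true, "cacheDataEncrypted": true},
    "~1health/GET": {"cachingEnabled": false, "cacheDataEncrypted": false}
  }
}
""")


def unencrypted_cache_settings(stage):
    """Method-setting keys that cache responses without encryption at rest."""
    return sorted(
        key for key, setting in stage.get("methodSettings", {}).items()
        if setting.get("cachingEnabled") and not setting.get("cacheDataEncrypted")
    )


def patch_path(key):
    """Build the update-stage patch path for one method-setting key."""
    resource, method = key.rsplit("/", 1)
    # "/" inside the resource part is written "~1" in a patch path; keys that
    # are already encoded contain no "/" there, so they pass through unchanged.
    return "/" + resource.replace("/", "~1") + "/" + method + "/caching/dataEncrypted"


def update_stage_command(rest_api_id, stage):
    """Return the AWS CLI command that fixes every finding, or None if clean."""
    findings = unencrypted_cache_settings(stage)
    if not findings:
        return None
    ops = ["op=replace,path=%s,value=true" % patch_path(k) for k in findings]
    args = ["aws", "apigateway", "update-stage", "--rest-api-id", rest_api_id,
            "--stage-name", stage["stageName"], "--patch-operations", *ops]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # "REST_API_ID" is a placeholder, not a real API id.
    print(unencrypted_cache_settings(SAMPLE_STAGE))
    print(update_stage_command("REST_API_ID", SAMPLE_STAGE))
```

Running the check again on fresh `get-stage` output after the update should return no findings.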
Conclusion
By following the above step-by-step guide, you can successfully enable cache encryption at rest for API Gateway stages, ensuring compliance with CISA-cyber-essentials requirements. It is crucial to protect sensitive information stored in the cache to prevent unauthorized access and maintain a secure infrastructure.