Rule: API Gateway Stage Cache Encryption at Rest Enabled

This rule ensures encryption at rest is enabled for API Gateway stage cache

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description

The API Gateway stage cache encryption at rest should be enabled for CISA-cyber-essentials. This rule ensures that caching of API responses in the API Gateway stage is encrypted at rest, in compliance with the security standards set by CISA (Cybersecurity and Infrastructure Security Agency).

When the cache encryption at rest is enabled, the API Gateway ensures that all cached data, including API responses, is stored securely using encryption mechanisms. This helps protect sensitive information from unauthorized access and ensures compliance with CISA-cyber-essentials requirements.

Troubleshooting Steps

If the API Gateway stage cache encryption at rest is not enabled for CISA-cyber-essentials, you may encounter the following issues:

  1. Non-compliance with CISA-cyber-essentials requirements.
  2. Increased risk of exposing sensitive information stored in the cache.

To troubleshoot and enable cache encryption at rest, follow the steps below.

Necessary Codes (if applicable)

No specific codes are required for this rule. The configuration can be done through the AWS Management Console or AWS Command Line Interface (CLI).

Step-by-Step Guide for Remediation

To enable API Gateway stage cache encryption at rest for CISA-cyber-essentials, follow these steps:

Step 1: Access the AWS Management Console

  1. Log in to the AWS Management Console using your AWS account credentials.

Step 2: Navigate to API Gateway

  1. Once logged in, navigate to the API Gateway service by searching for "API Gateway" in the services search bar and clicking on it.

Step 3: Select the API Gateway

  1. Select the API Gateway that corresponds to the stage where the cache encryption at rest needs to be enabled.

Step 4: Open the Stages Configuration

  1. In the API Gateway details page, click on the "Stages" tab.

Step 5: Select the Stage

  1. Locate and select the specific stage for which you want to enable cache encryption at rest.

Step 6: Configure Cache Encryption At Rest

  1. In the selected stage configuration, click on the "Settings" tab.
  2. Scroll down to the "Caching" section.
  3. Enable the "Encrypt cache data at rest" option.
  4. Click on the "Save Changes" button to save the updated configuration.

Step 7: Verify Configuration

  1. After saving the changes, verify the cache encryption at rest configuration by performing the following steps:

    • Perform an API request that results in caching a response.
    • Confirm that the cached response is now encrypted at rest.
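
The same check and remediation can be scripted against the AWS CLI mentioned above. The following is an added example, not Cloud Defense's own code: it parses the JSON returned by `aws apigateway get-stages`, flags every method setting that caches responses without encryption, and builds the matching `aws apigateway update-stage` command. The sample input and the REST API id are constructed, and method-setting keys are assumed to be usable verbatim in the patch path.

```python
import json
import shlex

# Constructed sample shaped like `aws apigateway get-stages --rest-api-id <id>` output.
SAMPLE_GET_STAGES = json.dumps({
    "item": [
        {"stageName": "prod", "cacheClusterEnabled": True,
         "methodSettings": {
             "*/*": {"cachingEnabled": True, "cacheDataEncrypted": False},
             "~1pets/GET": {"cachingEnabled": True, "cacheDataEncrypted": True},
         }},
        {"stageName": "dev", "cacheClusterEnabled": False,
         "methodSettings": {
             "*/*": {"cachingEnabled": False, "cacheDataEncrypted": False},
         }},
    ]
})


def unencrypted_cache_settings(get_stages_json):
    """Return (stage, method_key) pairs that cache responses without encryption."""
    findings = []
    for stage in json.loads(get_stages_json).get("item", []):
        if not stage.get("cacheClusterEnabled"):
            continue  # no cache cluster on this stage, so nothing is cached at rest
        for key, setting in sorted(stage.get("methodSettings", {}).items()):
            if setting.get("cachingEnabled") and not setting.get("cacheDataEncrypted"):
                findings.append((stage["stageName"], key))
    return findings


def remediation_commands(rest_api_id, findings):
    """Build one `aws apigateway update-stage` command line per finding."""
    cmds = []
    for stage_name, key in findings:
        # Assumption: the method-setting key is used verbatim in the patch path.
        patch = f"op=replace,path=/{key}/caching/dataEncrypted,value=true"
        cmds.append(" ".join([
            "aws apigateway update-stage",
            "--rest-api-id", shlex.quote(rest_api_id),
            "--stage-name", shlex.quote(stage_name),
            "--patch-operations", shlex.quote(patch),  # quoted: path contains '*'
        ]))
    return cmds


if __name__ == "__main__":
    found = unencrypted_cache_settings(SAMPLE_GET_STAGES)
    for cmd in remediation_commands("REST_API_ID_PLACEHOLDER", found):
        print(cmd)
```

Re-running the check after remediation and getting an empty list confirms the configuration for Step 7, since the encryption flag is what the rule evaluates.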

Conclusion

By following the above step-by-step guide, you can successfully enable cache encryption at rest for API Gateway stages, ensuring compliance with CISA-cyber-essentials requirements. It is crucial to protect sensitive information stored in the cache to prevent unauthorized access and maintain a secure infrastructure.
