Rule: API Gateway Stage Cache Encryption at Rest Should Be Enabled

This rule ensures encryption at rest for API Gateway stage cache for better security.

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: General Data Protection Regulation (GDPR)
Severity: Medium

Rule Description:

The API Gateway stage cache encryption at rest should be enabled to ensure compliance with the General Data Protection Regulation (GDPR). Enabling this feature will protect sensitive data stored in the API Gateway's cache by encrypting it at rest.

Troubleshooting Steps:

If the stage cache encryption at rest is not enabled, you may encounter the following issues:

  1. Non-compliance with GDPR requirements for data protection.
  2. Increased risk of data breaches and unauthorized access to sensitive information.

Necessary Codes:

No specific codes are required for this rule. The encryption at rest feature can be enabled through the API Gateway console or using the AWS Command Line Interface (CLI).

Step-by-Step Guide for Remediation:

To enable API Gateway stage cache encryption at rest, follow these steps:

  1. Open the AWS Management Console and navigate to the API Gateway service.
  2. Select the API Gateway instance you wish to configure.
  3. In the left sidebar, click on "Stages" to view the available stages for the selected API.
  4. Select the stage for which you want to enable cache encryption.
  5. Under the selected stage, click on the "Settings" tab.
  6. Scroll down to the "Cache Settings" section.
  7. Enable the "Encrypt cache data at rest" option.
  8. Save the changes.

Alternatively, you can use the AWS CLI to enable cache encryption. Follow these steps:

  1. Open the AWS CLI on your local machine or use the AWS CLI integrated in the AWS Management Console.

  2. Run the following command to enable cache encryption for the desired stage:

    # All operations go under a single --patch-operations flag; /*/*/caching/dataEncrypted applies encryption to every method in the stage.
    aws apigateway update-stage --rest-api-id <rest-api-id> --stage-name <stage-name> --patch-operations op=replace,path=/cacheClusterEnabled,value=true op=replace,path=/cacheClusterSize,value=<cache-size> 'op=replace,path=/*/*/caching/enabled,value=true' 'op=replace,path=/*/*/caching/dataEncrypted,value=true'

    Replace <rest-api-id> with the ID of your API Gateway and <stage-name> with the name of the desired stage. Additionally, provide the desired cache size in place of <cache-size>.

  3. Wait for the command to execute successfully. Once complete, the cache encryption at rest will be enabled for the specified stage.

Enabling the API Gateway stage cache encryption at rest will help you comply with GDPR regulations and enhance the security of your sensitive data.
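To check the result of the remediation above, the following added example (not part of the original rule page or the vendor's tooling) audits the JSON returned by `aws apigateway get-stages --rest-api-id <rest-api-id>` and reports every method that caches responses without encryption at rest, including per-method overrides that undo a stage-wide setting. The function names and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws apigateway get-stages` output.
SAMPLE_GET_STAGES = json.loads("""
{"item": [
  {"stageName": "prod", "cacheClusterEnabled": true, "cacheClusterSize": "0.5",
   "methodSettings": {
     "*/*": {"cachingEnabled": true, "cacheDataEncrypted": true},
     "~1orders/GET": {"cachingEnabled": true, "cacheDataEncrypted": false}}},
  {"stageName": "staging", "cacheClusterEnabled": true, "cacheClusterSize": "0.5",
   "methodSettings": {"*/*": {"cachingEnabled": true}}},
  {"stageName": "dev", "cacheClusterEnabled": false,
   "methodSettings": {"*/*": {"cachingEnabled": true, "cacheDataEncrypted": false}}},
  {"stageName": "qa", "cacheClusterEnabled": true, "cacheClusterSize": "0.5",
   "methodSettings": {}}
]}
""")


def readable_key(key):
    """Turn a method-settings key such as '~1orders/GET' into 'GET /orders'."""
    if key == "*/*":
        return "all methods (*/*)"
    # The key is '<resource path>/<HTTP method>', with '/' in the path encoded as '~1'.
    path, _, method = key.rpartition("/")
    return f"{method} {path.replace('~1', '/')}"


def unencrypted_caches(get_stages_output):
    """Return (stage, method) pairs that cache responses without encryption at rest."""
    findings = []
    for stage in get_stages_output.get("item", []):
        # Without a cache cluster nothing is cached, so there is nothing to encrypt.
        if not stage.get("cacheClusterEnabled"):
            continue
        for key, setting in sorted(stage.get("methodSettings", {}).items()):
            # A per-method override can turn encryption off even when */* has it on;
            # a missing cacheDataEncrypted field is treated as not encrypted.
            if setting.get("cachingEnabled") and not setting.get("cacheDataEncrypted"):
                findings.append((stage["stageName"], readable_key(key)))
    return findings


if __name__ == "__main__":
    for stage_name, method in unencrypted_caches(SAMPLE_GET_STAGES):
        print(f"FAIL stage={stage_name} method={method}: cache not encrypted at rest")
```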
