This rule ensures that encryption at rest is enabled for the API Gateway stage cache.
| Field | Value |
|---|---|
| Rule | API Gateway stage cache encryption at rest should be enabled |
| Framework | General Data Protection Regulation (GDPR) |
| Severity | Medium |
Rule Description:
API Gateway stage cache encryption at rest should be enabled to support compliance with the General Data Protection Regulation (GDPR). The stage cache stores API responses, which can contain personal or otherwise sensitive data; enabling this feature protects that data by encrypting the cached content at rest.
Troubleshooting Steps:
If the stage cache encryption at rest is not enabled, you may encounter the following issues:
Necessary Codes:
No specific codes are required for this rule. The encryption at rest feature can be enabled through the API Gateway console or using the AWS Command Line Interface (CLI).
Step-by-Step Guide for Remediation:
To enable API Gateway stage cache encryption at rest, follow these steps:
Alternatively, you can use the AWS CLI to enable cache encryption. Follow these steps:
Open the AWS CLI on your local machine or use the AWS CLI integrated in the AWS Management Console.
Run the following command to enable the cache cluster for the desired stage and to encrypt the data it stores. The /*/*/caching/dataEncrypted patch path applies the encryption setting to every resource and method on the stage; all patch operations are passed after a single --patch-operations flag, because repeating the flag discards the earlier operations:

aws apigateway update-stage --rest-api-id <rest-api-id> --stage-name <stage-name> --patch-operations op=replace,path=/cacheClusterEnabled,value=true op=replace,path=/cacheClusterSize,value=<cache-size> 'op=replace,path=/*/*/caching/dataEncrypted,value=true'

Replace <rest-api-id> with the ID of your API Gateway REST API and <stage-name> with the name of the desired stage. Additionally, provide the desired cache size (in gigabytes, for example 0.5) within <cache-size>. Wait for the command to execute successfully. Once complete, cache encryption at rest will be enabled for the specified stage. To confirm, run the following command and check that cacheClusterEnabled is true and that cacheDataEncrypted is true under the */* entry of methodSettings:

aws apigateway get-stage --rest-api-id <rest-api-id> --stage-name <stage-name>
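To audit existing stages against this rule, both before remediation and to confirm it afterwards, here is an added Python example. It is not part of the original rule documentation or of any AWS tooling; it evaluates stage descriptions in the shape returned by aws apigateway get-stage (or boto3's get_stage), and the three sample stages, their names and their settings are constructed for the example. It also renders the update-stage command that would fix each non-compliant entry, passing the patch operations as a JSON list rather than the shorthand form.

```python
import json

# Constructed sample stage descriptions in the shape of `aws apigateway get-stage`
# output (only the fields this check needs). Values are made up for the example.
# methodSettings keys are "{resource_path}/{http_method}" with "/" inside the
# resource path escaped as "~1"; "*/*" is the stage-wide default.
SAMPLE_STAGES = {
    "prod": {
        "stageName": "prod",
        "cacheClusterEnabled": True,
        "cacheClusterSize": "0.5",
        "methodSettings": {
            "*/*": {"cachingEnabled": True, "cacheDataEncrypted": True},
        },
    },
    "staging": {
        "stageName": "staging",
        "cacheClusterEnabled": True,
        "cacheClusterSize": "0.5",
        "methodSettings": {
            "*/*": {"cachingEnabled": True, "cacheDataEncrypted": False},
            "~1orders/GET": {"cachingEnabled": True, "cacheDataEncrypted": True},
        },
    },
    "dev": {
        "stageName": "dev",
        "cacheClusterEnabled": False,
        "methodSettings": {},
    },
}


def unencrypted_cache_settings(stage):
    """Return the methodSettings keys that cache responses without encryption.

    A stage without a cache cluster stores nothing, so it yields no findings.
    The "*/*" wildcard is checked like any other key because it is the default
    applied to every method that has no more specific override.
    """
    if not stage.get("cacheClusterEnabled"):
        return []
    return [
        key
        for key, settings in stage.get("methodSettings", {}).items()
        if settings.get("cachingEnabled") and not settings.get("cacheDataEncrypted")
    ]


def evaluate_stage(stage):
    """Map a stage description to a rule verdict plus the offending entries."""
    bad = unencrypted_cache_settings(stage)
    return {"stage": stage["stageName"], "compliant": not bad, "findings": bad}


def remediation_patch_ops(stage):
    """Build update-stage patch operations (JSON form) that turn on encryption
    for each unencrypted caching entry, leaving every other setting untouched."""
    return [
        {"op": "replace", "path": f"/{key}/caching/dataEncrypted", "value": "true"}
        for key in unencrypted_cache_settings(stage)
    ]


def remediation_cli(rest_api_id, stage):
    """Render the equivalent AWS CLI command, or None if nothing needs fixing.

    The operations are passed as a quoted JSON list so the '*' characters in
    wildcard paths are never exposed to shell globbing.
    """
    ops = remediation_patch_ops(stage)
    if not ops:
        return None
    return (
        f"aws apigateway update-stage --rest-api-id {rest_api_id} "
        f"--stage-name {stage['stageName']} --patch-operations '{json.dumps(ops)}'"
    )


if __name__ == "__main__":
    # Hypothetical API id used only for the printed commands.
    for stage in SAMPLE_STAGES.values():
        print(json.dumps(evaluate_stage(stage)))
        cmd = remediation_cli("<rest-api-id>", stage)
        if cmd:
            print("  remediate with:", cmd)
```

In practice, feed the function the JSON from aws apigateway get-stage for each stage returned by aws apigateway get-stages; a stage is compliant only when every caching entry, including the */* default, reports cacheDataEncrypted as true.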
Enabling the API Gateway stage cache encryption at rest will help you comply with GDPR regulations and enhance the security of your sensitive data.