Enable API Gateway Stage Logging Rule

This rule requires enabling logging for API Gateway stages to ensure proper monitoring and security measures.

Rule: API Gateway stage logging should be enabled
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

API Gateway stage logging should be enabled to comply with the requirements of NIST 800-53 Revision 5. Enabling stage logging allows for auditing, debugging, and monitoring API traffic, ensuring the security and compliance of your API infrastructure.

Troubleshooting Steps:

If stage logging is not enabled, you might encounter the following issues:

  1. Lack of visibility into API activity, making it difficult to track and investigate potential security incidents.
  2. Inability to comply with auditing requirements set by regulatory frameworks such as NIST 800-53 Revision 5.
  3. Difficulty in identifying and troubleshooting API-related issues and errors.

Necessary Codes (if applicable):

If you are using AWS API Gateway, you can enable stage logging by following these steps:

  1. Open the AWS Management Console and navigate to the API Gateway service.
  2. Select the desired API Gateway instance.
  3. Choose the "Stages" tab.
  4. Select the particular stage you want to enable logging for.
  5. Click on the "Logs" tab.
  6. Under the "Enable CloudWatch Logs" section, toggle the switch to enable stage logging.
  7. Choose the desired log format and configure other options as per your requirements.
  8. Select an existing CloudWatch Logs group or create a new one.
  9. Click on the "Save Changes" button to apply the changes.

Note: The exact steps might vary depending on the cloud service provider or API Gateway platform you are using.

Remediation Steps:

To enable stage logging for API Gateway, follow the step-by-step guide below:

  1. Log in to your AWS Management Console.
  2. Navigate to the API Gateway service.
  3. Select the API Gateway instance that needs stage logging enabled.
  4. In the left sidebar, click on "Stages."
  5. Choose the specific stage you want to enable logging for.
  6. Click on the "Logs" tab.
  7. Under the "Enable CloudWatch Logs" section, toggle the switch to enable stage logging.
  8. Choose the desired log format (e.g., JSON) or customize it based on your requirements.
  9. Configure other options such as data sampling rate, logging level, etc., as needed.
  10. Select an existing CloudWatch Logs group or create a new one to store the logged data.
  11. Click on the "Save Changes" button to save your configuration and enable stage logging for the selected stage.

By following these steps, you will successfully enable stage logging for API Gateway, ensuring compliance with NIST 800-53 Revision 5 and providing valuable visibility into API activity.
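
To verify the outcome across many stages instead of clicking through each one, the following added example (not part of the original page or of any vendor tooling) audits stage settings in the shape returned by the API Gateway `get_stages` call and builds the `update_stage` patch operations for stages that fail. The sample stages, the ARN, and the choice to count `ERROR` or `INFO` on the `*/*` default as "logging enabled" are assumptions.

```python
# Added example. Input mirrors the shape of boto3 apigateway get_stages() output.
LOGGING_ON = {"ERROR", "INFO"}
# Access log format built from API Gateway $context variables (JSON, one line).
ACCESS_LOG_FORMAT = ('{"requestId":"$context.requestId","ip":"$context.identity.sourceIp",'
                     '"method":"$context.httpMethod","path":"$context.resourcePath",'
                     '"status":"$context.status"}')

def audit_stage(stage):
    """Return findings for one stage dict; an empty list means logging is on."""
    findings = []
    settings = stage.get("methodSettings", {})
    # Stage-wide defaults live under the "*/*" key of methodSettings.
    if settings.get("*/*", {}).get("loggingLevel", "OFF") not in LOGGING_ON:
        findings.append("execution logging is OFF")
    if not stage.get("accessLogSettings", {}).get("destinationArn"):
        findings.append("no access log destination")
    for key, ms in settings.items():
        # A per-method override can switch logging off again for one route.
        if key != "*/*" and ms.get("loggingLevel") == "OFF":
            findings.append(f"override {key} disables execution logging")
        # Data tracing writes full request/response bodies to the log group.
        if ms.get("dataTraceEnabled"):
            findings.append(f"{key} logs full request/response data")
    return findings

def audit(stages_response):
    return {s["stageName"]: audit_stage(s) for s in stages_response["item"]}

def remediation_patch(stage, log_group_arn, level="ERROR"):
    """Build patchOperations for update_stage() that turn the missing logging on."""
    ops = []
    if stage.get("methodSettings", {}).get("*/*", {}).get("loggingLevel", "OFF") not in LOGGING_ON:
        ops.append({"op": "replace", "path": "/*/*/logging/loglevel", "value": level})
    if not stage.get("accessLogSettings", {}).get("destinationArn"):
        ops.append({"op": "replace", "path": "/accessLogSettings/destinationArn", "value": log_group_arn})
        ops.append({"op": "replace", "path": "/accessLogSettings/format", "value": ACCESS_LOG_FORMAT})
    return ops

# Constructed sample: account ID, log group name, stages and override key are made up.
ARN = "arn:aws:logs:us-east-1:111122223333:log-group:apigw-access"
SAMPLE = {"item": [
    {"stageName": "prod", "accessLogSettings": {"destinationArn": ARN},
     "methodSettings": {"*/*": {"loggingLevel": "INFO", "dataTraceEnabled": False}}},
    {"stageName": "dev", "methodSettings": {}},
    {"stageName": "beta", "accessLogSettings": {"destinationArn": ARN},
     "methodSettings": {"*/*": {"loggingLevel": "ERROR", "dataTraceEnabled": True},
                        "~1orders/GET": {"loggingLevel": "OFF", "dataTraceEnabled": False}}},
]}
```

Execution logging only writes to CloudWatch once the account has a CloudWatch Logs role configured for API Gateway, so a stage can pass this check and still produce no logs if that role is missing. The data-trace finding is reported separately because full request and response bodies in a log group can expose credentials or personal data.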
