Rule: API Gateway Stage Cache Encryption at Rest Enabled

This rule ensures API Gateway stage cache encryption at rest is enabled.

Rule: API Gateway stage cache encryption at rest should be enabled
Framework: RBI Cyber Security Framework
Severity: Medium

Rule Description

The API Gateway stage cache encryption at rest rule states that encryption at rest should be enabled for the stage cache in API Gateway, in compliance with the RBI Cyber Security Framework. This rule ensures that the data stored in the cache is protected and secure, reducing the risk of unauthorized access or data breaches.

Troubleshooting Steps

If you encounter issues with enabling encryption at rest for the API Gateway stage cache, follow these troubleshooting steps:

  1. Verify IAM Policies: Ensure that the IAM policies associated with your API Gateway stage allow the necessary permissions for enabling encryption at rest.

  2. Check Encryption Configuration: Double-check the encryption configuration settings to ensure that they are correctly set for the stage cache. Make sure that the correct encryption key is assigned and that encryption at rest is enabled.

  3. Verify KMS Key Permissions: Ensure that the AWS Key Management Service (KMS) key used for encryption has proper permissions to allow API Gateway to use it for encryption at rest.

  4. Review Error Logs: Check the API Gateway error logs to identify any specific error messages related to encryption at rest. These logs can provide valuable information for troubleshooting the issue.

  5. Test with a New Stage: Create a new stage in API Gateway and enable encryption at rest to see if the issue persists. This can help identify if the problem is specific to a particular stage or a global issue.

Necessary Codes

No specific codes are required for enabling encryption at rest for the API Gateway stage cache. However, you may need to modify the API Gateway stage configuration using AWS CLI commands.

Step-by-Step Guide for Remediation

Follow the step-by-step guide below to enable encryption at rest for the API Gateway stage cache:

  1. Log in to the AWS Management Console.

  2. Open the API Gateway service.

  3. Select the API Gateway API that corresponds to the desired stage cache.

  4. Navigate to the Stages section and select the desired stage.

  5. Under the Stage Editor, click on the Cache tab.

  6. Locate the Cache Settings section and ensure that the Enable Encryption at Rest option is checked.

  7. Select the appropriate AWS Key Management Service (KMS) key from the Encryption Key dropdown. If no key is available, create a new one in the AWS KMS service.

  8. Click on the Save button to apply the changes.

  9. Verify that encryption at rest is enabled by reviewing the stage cache settings.

  10. Test the API Gateway to ensure that it is functioning as expected with the encrypted stage cache.

By following these steps, you will successfully enable encryption at rest for the API Gateway stage cache in compliance with the RBI Cyber Security Framework.

Note: It is important to regularly monitor your API Gateway and associated resources to ensure that encryption at rest remains enabled and properly configured.
