Rule: API Gateway Stage Logging Should Be Enabled
This rule ensures that API Gateway stage logging is enabled to maintain security and compliance.
| Rule | API Gateway stage logging should be enabled |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ High |
API Gateway Stage Logging for RBI Cyber Security Framework
Rule Description
The API Gateway stage logging should be enabled for the RBI (Reserve Bank of India) Cyber Security Framework to ensure proper monitoring and auditing of API requests and responses. Enabling stage logging allows the collection of detailed logs that can be used for security analysis, troubleshooting, and compliance requirements.
Troubleshooting Steps
If the stage logging is not enabled or not working properly, follow the troubleshooting steps below:
- 1.
Check API Gateway Stage: Ensure that the API Gateway stage is correctly configured and associated with the relevant APIs.
- 2.
Verify Logging Settings: Go to the API Gateway console and navigate to the specific stage of the API. Check that stage logging is enabled and properly configured.
- 3.
Check IAM Permissions: Ensure that the IAM (Identity and Access Management) roles associated with the API Gateway stage have the necessary permissions to write logs to CloudWatch or other logging services.
- 4.
Review CloudWatch Logs: If using CloudWatch for logging, review the CloudWatch Logs for any potential issues, such as log group misconfiguration or logging failures.
- 5.
Check Error Logs: Examine error logs or error codes returned by the API Gateway to identify any specific issues related to stage logging.
- 6.
Debugging Lambda Proxy Integration: If using Lambda proxy integration, verify that the Lambda function associated with the API Gateway has proper logging and error handling enabled.
- 7.
Contact AWS Support: If the troubleshooting steps above do not resolve the issue, reach out to AWS Support for further assistance.
Necessary Codes
There are no specific codes required for enabling API Gateway stage logging. However, you may need to modify the API Gateway configuration settings through the AWS Management Console or using the AWS Command Line Interface (CLI). Refer to the following step-by-step guide for remediation.
Step-by-Step Guide for Remediation
Follow the steps below to enable API Gateway stage logging for RBI Cyber Security Framework:
- 1.
Login to AWS Console: Access the AWS Management Console with appropriate credentials.
- 2.
Navigate to API Gateway: Go to the API Gateway service within the AWS Management Console.
- 3.
Select the Relevant API: Identify and select the API that is associated with the RBI Cyber Security Framework.
- 4.
Choose a Stage: Within the selected API, choose the appropriate stage where you want to enable logging.
- 5.
Enable Stage Logging: In the stage settings, locate the logging options and ensure that logging is enabled.
- 6.
Configure Logging Details: If necessary, configure the logging details such as log format, destination, and retention period.
- 7.
Save Configuration Changes: Save the changes to enable stage logging for the selected API Gateway stage.
Conclusion
Enabling stage logging in the API Gateway ensures proper monitoring, auditing, and compliance with the RBI Cyber Security Framework. Following the provided troubleshooting steps and using the step-by-step guide should help in enabling stage logging and resolving any related issues.