API Gateway does not have X-Ray tracing enabled
Description
When an API Gateway stage has active tracing enabled, the Amazon API Gateway service automatically samples API invocation requests based on the sampling algorithm specified by AWS X-Ray. With tracing enabled, X-Ray can provide an end-to-end view of an entire HTTP request, which you can use to analyze latencies in APIs and their backend services.
Code Example
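```bash
# Create a stage with active X-Ray tracing turned on.
# --tracing-enabled is a boolean switch and takes no value.
aws apigateway create-stage \
    --rest-api-id {rest-api-id} \
    --stage-name {stage-name} \
    --deployment-id {deployment-id} \
    --region {region} \
    --tracing-enabled
```

Remediation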
**AWS Console**
1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
2. Open the [Amazon API Gateway console](https://console.aws.amazon.com/apigateway).
3. In the APIs pane, choose the API, and then click **Stages**.
4. In the **Stages** pane, choose the name of the stage.
5. In the **Stage Editor** pane, choose the **Logs/Tracing** tab.
6. To enable active X-Ray tracing, choose **Enable X-Ray Tracing** under X-Ray Tracing.

**CLI Command**
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0126 |
| Severity | LOW |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_73 |
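
The condition this rule describes, applied to a CloudFormation template in Python. This is an added example, not code from the original page or from Checkov; the template is constructed for illustration and the function names are assumptions. It treats a missing or false `TracingEnabled` on an `AWS::ApiGateway::Stage` as a failure and flags values set through intrinsic functions as unresolved, since they cannot be decided from the template alone.

```python
import json

STAGE_TYPE = "AWS::ApiGateway::Stage"

# Constructed sample template (not from the page): four stages, one compliant.
TEMPLATE = json.loads("""
{
  "Parameters": {"EnableTracing": {"Type": "String", "Default": "false"}},
  "Resources": {
    "Api": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "demo"}},
    "ProdStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {
      "RestApiId": {"Ref": "Api"}, "StageName": "prod", "TracingEnabled": true}},
    "DevStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {
      "RestApiId": {"Ref": "Api"}, "StageName": "dev"}},
    "QaStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {
      "RestApiId": {"Ref": "Api"}, "StageName": "qa", "TracingEnabled": "false"}},
    "ParamStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {
      "RestApiId": {"Ref": "Api"}, "StageName": "param",
      "TracingEnabled": {"Ref": "EnableTracing"}}}
  }
}
""")

def tracing_state(properties):
    """Classify a stage's TracingEnabled as enabled, disabled or unresolved."""
    value = properties.get("TracingEnabled", False)  # absent: template does not turn it on
    if isinstance(value, bool):
        return "enabled" if value else "disabled"
    if isinstance(value, str):  # templates often carry booleans as strings
        return "enabled" if value.strip().lower() == "true" else "disabled"
    return "unresolved"  # Ref / Fn::If etc.: depends on deploy-time values

def check_template(template):
    """Map each API Gateway stage's logical ID to its tracing state."""
    return {
        name: tracing_state(res.get("Properties") or {})
        for name, res in template.get("Resources", {}).items()
        if res.get("Type") == STAGE_TYPE
    }

def failing_stages(template):
    """Stages that are not provably tracing-enabled, sorted by logical ID."""
    return sorted(n for n, s in check_template(template).items() if s != "enabled")

if __name__ == "__main__":
    for name, state in sorted(check_template(TEMPLATE).items()):
        print(f"{'PASS' if state == 'enabled' else 'FAIL'}  {name}: {state}")
```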