AWS-APIGateway-encryption-disable-for-caching-for-REST-api-stage

Severity: Medium

Description: This control ensures that data encryption is enabled whenever caching is enabled, for all REST API stages in all regions. With caching, you can reduce the number of calls made to your endpoint and also improve the latency of requests to your API. When you enable caching for a stage, API Gateway caches responses from your endpoint for a specified time-to-live (TTL) period, in seconds. API Gateway then responds to the request by looking up the endpoint response from the cache instead of making a request to your endpoint. If you anticipate that a method being cached will receive sensitive data in its responses, choose Encrypt cache data in Cache Settings.

Remediation Steps:

Perform the following to enable logging for the REST API:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the API Gateway console.

  3. On the Stages pane, choose the Logs/Tracing tab.

  4. On the Settings tab, under Cache Settings, choose the Enable API Cache check box.

  5. Choose the Encrypt cache data check box.

  6. Click on Save Changes.

Important:

Reference:

Blue Hexagon Proprietary