Ensure detailed CloudWatch Metrics are enabled for AWS API Gateway Method Settings

MEDIUM

Description

When detailed CloudWatch metrics are not enabled for API methods, only a limited set of metrics is collected and some important alerts can be missed. This can impair the incident response process.

Remediation

In AWS Console -

  1. Sign in to AWS console and go to the API Gateway console.
  2. Select the API you want and click on Stages.
  3. In the Stage list for the API, choose the stage.
  4. Select Logs in the Stage Editor.
  5. To enable, select Enable Detailed CloudWatch Metrics under CloudWatch Settings.
  6. Select Save Changes.

In Terraform -

  1. In the aws_api_gateway_method_settings resource, set 'settings.metrics_enabled' to 'true'.
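One way to check this setting before deployment, as an added example that is not part of the original policy or the scanner's own rule code: a Python check over the JSON form of a Terraform plan. It assumes the `terraform show -json` layout, in which the `settings` block appears as a one-element list; the sample plan and all resource names in it are constructed.

```python
RESOURCE_TYPE = "aws_api_gateway_method_settings"


def _res(address, method_path, metrics_enabled):
    """Build one constructed plan entry (settings is a one-element list)."""
    return {"address": address, "type": RESOURCE_TYPE,
            "values": {"method_path": method_path,
                       "settings": [{"metrics_enabled": metrics_enabled}]}}


# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _res("aws_api_gateway_method_settings.all", "*/*", True),
        _res("aws_api_gateway_method_settings.orders", "orders/GET", False),
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{"address": "module.payments", "resources": [
        _res("module.payments.aws_api_gateway_method_settings.this", "*/*", None),
    ]}],
}}}


def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_violations(plan):
    """Return (address, method_path) pairs where metrics_enabled is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    violations = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        values = res.get("values") or {}
        settings = values.get("settings") or []
        # A missing block, a null value, or false all count as non-compliant.
        if not settings or not all(s.get("metrics_enabled") is True for s in settings):
            violations.append((res.get("address"), values.get("method_path")))
    return violations


if __name__ == "__main__":
    for address, path in find_violations(SAMPLE_PLAN):
        print(f"{address} (method_path={path}): metrics_enabled is not true")
```

To run it against a real plan, load the output of `terraform show -json <planfile>` with `json.load` and pass the result to `find_violations`.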

References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/cloudtrail.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#metrics_enabled

Policy Details

Rule Reference ID: AC_AWS_0007
CSP: AWS
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: API Gateway

Frameworks