API Gateway REST and WebSocket API execution logging is disabled

firetail:aws-api-gateway-access-logging-disabled

Type:

CSPM

Rule Severity:

Low

The API Gateway stage is not configured to enable execution logging for its REST or WebSocket API operations. Execution logging is controlled by the stage's logging level (OFF, ERROR or INFO) and writes API Gateway's own record of how each request was handled to CloudWatch Logs; it is distinct from access logging, which is configured separately through the stage's access log settings.

Without execution logs there is no record of which methods or routes were invoked, how API Gateway handled each request, or why requests failed, which makes it hard to monitor API activity, troubleshoot integration problems, or spot abuse. Logging gives you visibility into API usage, performance data for analysis, and the evidence needed to detect anomalies and investigate incidents.

Remediation

Enable execution logging on every REST and WebSocket API stage. Set the logging level to INFO to record every request, or to ERROR to record only failed ones; OFF leaves the stage unlogged. API Gateway writes execution logs to CloudWatch Logs only if an IAM role with CloudWatch Logs permissions has been set as the CloudWatch log role ARN in the account-level API Gateway settings, so configure that role first or the stage update is rejected. Leave full request and response data logging (data trace) off unless you need it for debugging, because it writes headers and bodies, including credentials and personal data, into the log group.

Example Attack Scenario

An attacker probes a REST API endpoint by sending a large number of requests with invalid parameters. With execution logging disabled, the abnormal traffic and the resulting error responses leave no trace, so the activity goes unnoticed. With logging enabled, each failed request is recorded in CloudWatch Logs, giving the security team the data to detect the pattern and respond, for example by blocking the offending source or investigating the targeted endpoint.

How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications
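The following Python is an added example and is not part of this finding page or FireTail's own checks. It evaluates the stage JSON that `aws apigateway get-stage` (REST) and `aws apigatewayv2 get-stage` (WebSocket) return, reports stages whose execution logging is off, flags stages that also log full request and response data, and builds the patch operations a REST remediation would pass to `update-stage`. The sample stage documents, stage names and route keys are constructed for the example; nothing in it calls AWS.

```python
"""Offline check for the finding above: does an API Gateway stage have
execution logging turned on?

Added example, not FireTail's own detection code. It evaluates the JSON
documents returned by `aws apigateway get-stage` (REST) and
`aws apigatewayv2 get-stage` (WebSocket); the sample stages at the bottom
are constructed for this example, so nothing here calls AWS.
"""

ENABLED_LEVELS = ("ERROR", "INFO")  # "OFF" or a missing level means no execution logs


def rest_stage_logging_enabled(stage: dict) -> bool:
    """REST stage: logging is configured per method in `methodSettings`.

    Keys are "<resourcePath>/<httpMethod>" (slashes in the path escaped as
    ~1); the key "*/*" is the stage-wide default. Policy used here: the
    wildcard default must log, and no per-method override may set OFF,
    otherwise some methods run without execution logs.
    """
    settings = stage.get("methodSettings") or {}
    levels = {key: (cfg or {}).get("loggingLevel", "OFF") for key, cfg in settings.items()}
    if levels.get("*/*", "OFF") not in ENABLED_LEVELS:
        return False
    return all(level in ENABLED_LEVELS for level in levels.values())


def websocket_stage_logging_enabled(stage: dict) -> bool:
    """WebSocket (API Gateway v2) stage: `DefaultRouteSettings.LoggingLevel`
    applies to every route unless `RouteSettings["<routeKey>"]` overrides it."""
    default = (stage.get("DefaultRouteSettings") or {}).get("LoggingLevel", "OFF")
    if default not in ENABLED_LEVELS:
        return False
    overrides = stage.get("RouteSettings") or {}
    return all((cfg or {}).get("LoggingLevel", default) in ENABLED_LEVELS
               for cfg in overrides.values())


def data_trace_enabled(stage: dict) -> bool:
    """True if full request/response data logging is on anywhere in the stage.
    Data trace writes headers and bodies (tokens, PII) to CloudWatch, so it is
    worth flagging separately from the logging level itself."""
    rest = (stage.get("methodSettings") or {}).values()
    v2 = [stage.get("DefaultRouteSettings") or {}] + list((stage.get("RouteSettings") or {}).values())
    return any((cfg or {}).get("dataTraceEnabled") for cfg in rest) or \
           any((cfg or {}).get("DataTraceEnabled") for cfg in v2)


def rest_logging_patch(level: str = "INFO") -> list:
    """Patch operations for `aws apigateway update-stage --patch-operations`
    that enable stage-wide execution logging at `level` and keep data trace off.
    The account-level CloudWatch Logs role (cloudwatchRoleArn) must already be
    set, or API Gateway rejects the update."""
    if level not in ENABLED_LEVELS:
        raise ValueError(f"logging level must be one of {ENABLED_LEVELS}, got {level!r}")
    return [
        {"op": "replace", "path": "/*/*/logging/loggingLevel", "value": level},
        {"op": "replace", "path": "/*/*/logging/dataTrace", "value": "false"},
    ]


def audit(rest_stages: list, websocket_stages: list) -> list:
    """Return (api_kind, stage_name, message) tuples for every unlogged stage."""
    findings = []
    for s in rest_stages:
        if not rest_stage_logging_enabled(s):
            findings.append(("rest", s.get("stageName"), "execution logging disabled"))
    for s in websocket_stages:
        if not websocket_stage_logging_enabled(s):
            findings.append(("websocket", s.get("StageName"), "execution logging disabled"))
    return findings


# Constructed sample stage documents (same field names as the AWS CLI output).
REST_OFF = {"stageName": "dev", "methodSettings": {}}
REST_OK = {"stageName": "prod", "methodSettings": {
    "*/*": {"loggingLevel": "INFO", "dataTraceEnabled": False, "metricsEnabled": True}}}
REST_PARTIAL = {"stageName": "staging", "methodSettings": {
    "*/*": {"loggingLevel": "ERROR"},
    "~1orders/GET": {"loggingLevel": "OFF"}}}      # one method opted out of logging
WS_OFF = {"StageName": "dev", "DefaultRouteSettings": {"DataTraceEnabled": False}}
WS_OK = {"StageName": "prod",
         "DefaultRouteSettings": {"LoggingLevel": "ERROR", "DataTraceEnabled": False},
         "RouteSettings": {"$connect": {"LoggingLevel": "INFO"}}}

if __name__ == "__main__":
    for finding in audit([REST_OFF, REST_OK, REST_PARTIAL], [WS_OFF, WS_OK]):
        print(finding)
    print(rest_logging_patch("INFO"))
```

The REST check deliberately treats a stage as non-compliant when the `*/*` default is missing or when any per-method override sets OFF, since either leaves some methods unlogged even though the stage "has logging". Swap the constructed dictionaries for the output of the two `get-stage` commands to run it against real stages.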