AWS Config Rule: API Gateway Execution Logging Enabled

API_GW_EXECUTION_LOGGING_ENABLED

Ryan Ware

Last Update 2 months ago

Description: Checks that all methods in Amazon API Gateway stages have logging enabled. The rule is NON_COMPLIANT if logging is not enabled. The rule is NON_COMPLIANT if loggingLevel is neither ERROR nor INFO.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Osaka), and Canada West (Calgary)


How to Resolve Manually

You can enable logging for your API Gateway manually from the API Gateway dashboard in your AWS Console. Access logs are written for every API request. You can choose between CLF, JSON, XML or CSV formatting before they are written to CloudWatch Logs.


In the left-hand menu, under Monitor, choose Logging.


Here you can see whether logging is enabled. When you enable logging, you can choose your desired format and the CloudWatch Logs destination.

Remember that to enable logging for an API, you will need permissions to create this resource. 
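
To check stages outside the console, the rule's condition can be approximated offline against stage data shaped like the output of GetStages. This is an added example, not StackZone or AWS code; the stage names and method keys are constructed, and treating an empty methodSettings map as logging disabled is an assumption.

```python
# Added example: approximates the rule's condition offline; not AWS's implementation.
ALLOWED_LEVELS = {"ERROR", "INFO"}  # levels the rule description accepts


def evaluate_stage(stage):
    """Return (compliance, offending_keys) for one stage item from GetStages."""
    settings = stage.get("methodSettings") or {}
    if not settings:
        # Assumption: no method settings means execution logging was never enabled.
        return "NON_COMPLIANT", ["<no methodSettings>"]
    offending = sorted(
        key for key, cfg in settings.items()
        if cfg.get("loggingLevel", "OFF") not in ALLOWED_LEVELS
    )
    return ("NON_COMPLIANT" if offending else "COMPLIANT"), offending


def stage_wide_patch(level="INFO"):
    """Patch operations for apigateway update_stage that set the '*/*' log level."""
    if level not in ALLOWED_LEVELS:
        raise ValueError(f"level must be one of {sorted(ALLOWED_LEVELS)}")
    return [{"op": "replace", "path": "/*/*/logging/loglevel", "value": level}]


# Constructed sample data shaped like the 'item' list returned by GetStages.
SAMPLE_STAGES = [
    {"stageName": "prod", "methodSettings": {"*/*": {"loggingLevel": "INFO"}}},
    {"stageName": "dev", "methodSettings": {}},
    {"stageName": "staging", "methodSettings": {
        "*/*": {"loggingLevel": "ERROR"},
        "admin/POST": {"loggingLevel": "OFF"},  # per-method override disables logging
    }},
]


def report(stages):
    """Map each stage name to its (compliance, offending_keys) result."""
    return {s["stageName"]: evaluate_stage(s) for s in stages}


if __name__ == "__main__":
    for name, (status, keys) in report(SAMPLE_STAGES).items():
        print(f"{name}: {status} {keys}")
```

A stage-wide `*/*` patch does not clear a per-method override set to OFF; that key has to be patched or removed separately.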

