AWS Config Rule: API Gateway Execution Logging Enabled

API_GW_EXECUTION_LOGGING_ENABLED

Ryan Ware

Last Update 8 tháng trước

Description: Checks that all methods in Amazon API Gateway stage has logging enabled. The rule is NON_COMPLIANT if logging is not enabled. The rule is NON_COMPLIANT if loggingLevel is neither ERROR nor INFO.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

You can enable Logging for your API Gateway manually by heading to the API Gateway Dashboard within your AWS Console. Access logs are written for every API request. You can opt between CLF, JSON, XML or CSV formatting before it gets written to CloudWatch Logs.


On the left hand side menu, under Monitor, choose Logging.


Here you can see if you have logging enabled or not. When you enable logging, you will be able to choose your desired format and also choose the CloudWatch Logs destination, like in the example below;

Remember that to enable logging for an API, you will need permissions to create this resource. 


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us