AWS Config Rule: API Gateway X-Ray Enabled

Description: Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs. The rule is COMPLIANT if X-Ray tracing is enabled and NON_COMPLIANT otherwise.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), Europe (Zurich) Region

You will need an API Gateway REST API which is already deployed, in order to configure X-Ray Tracing.

Head on over to the Amazon API Gateway dashboard within your AWS Console. Click on your deployed REST API Gateway.

Once you are here, view your Stages and take a look at the Logs/Tracing Tab. Here you will see the option to Enable X-Ray Tracing

When enabling X-Ray Tracing, API Gateway will create an IAM Role with the following permissions: "xray:PutTraceSegments", "xray:PutTelemetryRecords".

You will also be able to set X-Ray Sampling Rules using the link next to the enable/disable tickbox.

You can resolve this with StackZone by enabling the remediation for this Config Rule. StackZone will then be able to run an SSM Document which will enable tracing on an Amazon API Gateway Stage using the UpdateStage API.

To enable this in your StackZone Deployment, head on over to Baseline Services / AWS Config Rules Regional / Development and enable API Gateway X-Ray Enabled Remediation

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here