AWS Config Rule: API Gateway X-Ray Enabled
API_GW_XRAY_ENABLED
Ryan Ware
Last Update 7 luni în urmă
Description: Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs. The rule is COMPLIANT if X-Ray tracing is enabled and NON_COMPLIANT otherwise.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Canada West (Calgary), Europe (Spain) Region
How to Resolve Manually
You will need an API Gateway REST API which is already deployed, in order to configure X-Ray Tracing.
Head on over to the Amazon API Gateway dashboard within your AWS Console. Click on your deployed REST API Gateway.
Once you are here, view your Stages and take a look at the Logs/Tracing Tab. Here you will see the option to Enable X-Ray Tracing
When enabling X-Ray Tracing, API Gateway will create an IAM Role with the following permissions: "xray:PutTraceSegments", "xray:PutTelemetryRecords".
You will also be able to set X-Ray Sampling Rules using the link next to the enable/disable tickbox.
How to Resolve with StackZone
You can resolve this with StackZone by enabling the remediation for this Config Rule. StackZone will then be able to run an SSM Document which will enable tracing on an Amazon API Gateway Stage using the UpdateStage API.
To enable this in your StackZone Deployment, head on over to Baseline Services / AWS Config Rules Regional / Development and enable API Gateway X-Ray Enabled Remediation
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here