More Info:

API Gateway execution logging should be enabled

Risk Level: Low

Address: Monitoring

Compliance Standards: CBP, GDPR, HIPAA, ISO27001, SEBI, RBI_MD_ITF, RBI_UCB

Triage and Remediation

Check Cause

  1. Sign in to the AWS Management Console.
  2. Navigate to the API Gateway console. You can find this by typing ‘API Gateway’ into the search bar at the top of the console.
  3. In the API Gateway console, select the API you want to check.
  4. In the left navigation pane, under the selected API, click on ‘Stages’. Here, you will see a list of all the stages for your API.
  5. Select a stage, then in the main panel, click on the ‘Logs/Tracing’ tab. Here, you can check if the ‘Enable CloudWatch Logs’ option is enabled. If it is not, then API Gateway Execution Logging is not enabled for that API stage. Repeat this process for all stages of the API to ensure logging is enabled across the entire API.
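The same check can be scripted so that no stage is missed. The following is an added example, not part of the original page: it assumes REST APIs read through boto3's `apigateway` client (`get_rest_apis`, `get_stages`), treats a `loggingLevel` of `ERROR` or `INFO` under the stage-wide `*/*` method settings as "Enable CloudWatch Logs" being on, and uses constructed sample data; the function names and the `orders/GET` key are hypothetical.

```python
"""Added example: audit API Gateway REST API stages for execution logging."""

ENABLED_LEVELS = {"ERROR", "INFO"}  # "OFF" or a missing value means disabled


def audit_stage(stage):
    """Return findings for one stage dict in the shape get_stages returns."""
    settings = stage.get("methodSettings", {})
    findings = []
    # "*/*" holds the stage-wide default shown on the Logs/Tracing tab.
    default_level = settings.get("*/*", {}).get("loggingLevel", "OFF")
    if default_level not in ENABLED_LEVELS:
        findings.append("execution logging disabled at stage level")
    # Any other key is a per-method override, which can switch logging off
    # for one method even when the stage default has it on.
    for key, cfg in sorted(settings.items()):
        if key != "*/*" and cfg.get("loggingLevel") == "OFF":
            findings.append(f"execution logging disabled by override {key}")
    return findings


def audit_account(client):
    """Check every stage of every REST API; client is boto3.client('apigateway')."""
    report = {}
    for page in client.get_paginator("get_rest_apis").paginate():
        for api in page["items"]:
            for stage in client.get_stages(restApiId=api["id"])["item"]:
                findings = audit_stage(stage)
                if findings:
                    report[f'{api["name"]}/{stage["stageName"]}'] = findings
    return report


# Constructed sample data, not taken from a real account.
SAMPLE_STAGES = [
    {"stageName": "prod", "methodSettings": {"*/*": {"loggingLevel": "INFO"}}},
    {"stageName": "dev", "methodSettings": {}},
    {"stageName": "beta", "methodSettings": {
        "*/*": {"loggingLevel": "ERROR"},
        "orders/GET": {"loggingLevel": "OFF"},
    }},
]

if __name__ == "__main__":
    for sample in SAMPLE_STAGES:
        print(sample["stageName"], audit_stage(sample) or "OK")
```

Against a live account, call `audit_account(boto3.client("apigateway"))` once per region with read-only credentials; an empty result means every stage has execution logging enabled.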