Amazon API Gateway

API Gateway Content-Encoding Disabled

This plugin ensures that Amazon API Gateway APIs have content encoding enabled.

Risk Level: Low

Description:

This plugin ensures that Amazon API Gateway APIs have content encoding enabled. Enabling API Gateway Content-Encoding allows response bodies to be compressed based on the client's Accept-Encoding header.

About the Service:

API (Application Programming Interface) Gateway is an AWS service that sits between clients and a large number of backend services. The actions API Gateway performs include creating, deploying, and managing RESTful APIs and WebSocket APIs.

Impact:

When API Gateway Content-Encoding is disabled, clients cannot send compressed payloads when calling the APIs, which reduces the performance of the web APIs and increases bandwidth utilization.

Steps to reproduce:

  1. Log in to your AWS console.
  2. Navigate to API Gateway Dashboard.
  3. In the left navigation panel, select APIs to open the API listing page.
  4. Select the required API by clicking on its name.
  5. On the API submenu, select Settings, to view API configurations.
  6. Within Settings, we can view whether the Content-Encoding option is enabled or disabled.

Steps for remediation:

  1. Log in to your AWS console.
  2. Navigate to API Gateway Dashboard.
  3. In the left navigation panel, select APIs to open the API listing page.
  4. Select the required API by clicking on its name.
  5. On the API submenu, select Settings, to view API configurations.
  6. In Settings, under the Content-Encoding option, perform the following steps:
    1. Enable Content-Encoding by selecting the checkbox.
    2. In the Minimum body size required for Compression field, set the threshold for the minimum compression size within the range 0 - 10485760 bytes, according to your requirement.
  7. Select Save Changes to apply configurations and enable the Content-Encoding for the selected API.
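
The same check and fix can be scripted instead of clicked through. The following is an added example, not code from the plugin: it assumes REST APIs as returned by the API Gateway GetRestApis call, where the minimumCompressionSize field is absent when content encoding is disabled, and it uses constructed sample API ids and names.

```python
# Added example: audit REST APIs for content encoding and build the fix.
# The sample items are constructed; they mirror the shape of GetRestApis output.
MAX_THRESHOLD = 10485760  # upper bound of the console's minimum body size range


def compression_status(api):
    """Classify one REST API item by its minimumCompressionSize field."""
    size = api.get("minimumCompressionSize")
    # A threshold of 0 is valid (compress every body), so test for None only.
    if size is None:
        return "FAIL", "content encoding disabled"
    return "PASS", f"content encoding enabled, threshold {size} bytes"


def audit(apis):
    """Return (api id, name, status, detail) for every API item."""
    return [(a["id"], a.get("name", ""), *compression_status(a)) for a in apis]


def remediation_patch(threshold):
    """Build the patchOperations list for update_rest_api that enables compression."""
    if not 0 <= threshold <= MAX_THRESHOLD:
        raise ValueError(f"threshold must be within 0-{MAX_THRESHOLD} bytes")
    return [{"op": "replace", "path": "/minimumCompressionSize",
             "value": str(threshold)}]


def audit_account(region):
    """Run the same check against a live account (needs boto3 and credentials)."""
    import boto3  # imported here so the offline demo runs without it
    client = boto3.client("apigateway", region_name=region)
    pages = client.get_paginator("get_rest_apis").paginate()
    return audit([api for page in pages for api in page["items"]])


# Constructed sample items (hypothetical ids and names).
SAMPLE_APIS = [
    {"id": "a1b2c3d4e5", "name": "orders-api"},
    {"id": "f6g7h8i9j0", "name": "billing-api", "minimumCompressionSize": 1024},
    {"id": "k1l2m3n4o5", "name": "search-api", "minimumCompressionSize": 0},
]

if __name__ == "__main__":
    for row in audit(SAMPLE_APIS):
        print(*row, sep=" | ")
    print(remediation_patch(1024))
```

To apply the fix to a failing API, pass the list from remediation_patch to the boto3 apigateway client's update_rest_api call as patchOperations, together with the API's restApiId.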

