Amazon API Gateway

API Gateway Tracing Disabled

This plugin ensures that active tracing is enabled for your Amazon API Gateway API stages, so that incoming requests are sampled and traces are submitted to AWS X-Ray.

Risk Level: Low

Description:

This plugin ensures that active tracing is enabled for your Amazon API Gateway API stages, so that incoming requests are sampled and traces are submitted to AWS X-Ray. Once this functionality is enabled, the X-Ray service traces and analyzes user requests as they travel through your API Gateway APIs to the underlying services. X-Ray provides an end-to-end view of HTTP requests, which lets you analyze latency in APIs and backend services.

About the Service:

API (Application Programming Interface) Gateway is an AWS service that sits between clients and a large number of backend services. It is used to create, deploy, and manage RESTful and WebSocket APIs.

Impact:

If tracing is disabled, Amazon API Gateway will not sample API invocation requests according to the sampling algorithm specified by AWS X-Ray. There will also be no end-to-end view of each HTTP request, so latencies in APIs and their backend services cannot be analyzed.

Steps to reproduce:

  1. Sign in to the AWS Management Console.
  2. Navigate to the API Gateway dashboard at https://console.aws.amazon.com/apigateway/
  3. Open the API listing page by selecting APIs in the left navigation panel.
  4. Choose the API you want to examine.
  5. In the API submenu, select Stages to list the stages created for the selected API.
  6. Select the stage of your choice from the given stages.
  7. Select the Logs / Tracing tab from the dashboard.
  8. In the Logs / Tracing tab, go to the X-Ray Tracing section and check the Enable X-Ray Tracing setting to see whether tracing is enabled or disabled.

Steps for remediation:

  1. Sign in to the AWS Management Console.
  2. Navigate to the API Gateway dashboard at https://console.aws.amazon.com/apigateway/
  3. Open the API listing page by selecting APIs in the left navigation panel.
  4. Choose the API you want to examine.
  5. In the API submenu, select Stages to list the stages created for the selected API.
  6. Select the stage of your choice from the given stages.
  7. Select the Logs / Tracing tab from the dashboard.
  8. In the Logs / Tracing tab, go to the X-Ray Tracing section and check the Enable X-Ray Tracing setting to see whether tracing is enabled or disabled.
  9. Select the checkbox to enable X-Ray Tracing for the API Gateway API stage.
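
The console check and the remediation above can also be run across every REST API in a region. The following Python script is an added example, not code from the plugin; it assumes boto3's `apigateway` client, and the function names and the `--fix` flag are hypothetical.

```python
"""Audit X-Ray active tracing on API Gateway REST API stages (added example)."""

def iter_rest_apis(client):
    """Yield every REST API, following the 'position' pagination token."""
    kwargs = {"limit": 500}  # 500 is the maximum page size for get_rest_apis
    while True:
        page = client.get_rest_apis(**kwargs)
        yield from page.get("items", [])
        if not page.get("position"):
            return
        kwargs["position"] = page["position"]

def find_untraced_stages(client):
    """Return (api_id, api_name, stage_name) for each stage with tracing off."""
    findings = []
    for api in iter_rest_apis(client):
        for stage in client.get_stages(restApiId=api["id"]).get("item", []):
            # A stage with no tracingEnabled key is reported as disabled.
            if not stage.get("tracingEnabled", False):
                findings.append((api["id"], api.get("name", ""), stage["stageName"]))
    return findings

def enable_tracing(client, api_id, stage_name):
    """Same change as ticking 'Enable X-Ray Tracing' in the console."""
    client.update_stage(
        restApiId=api_id,
        stageName=stage_name,
        patchOperations=[{"op": "replace", "path": "/tracingEnabled", "value": "true"}],
    )

def audit(client, remediate=False):
    """List untraced stages; enable tracing on each one when remediate=True."""
    findings = find_untraced_stages(client)
    if remediate:
        for api_id, _name, stage_name in findings:
            enable_tracing(client, api_id, stage_name)
    return findings

if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials and a default region configured

    fix = "--fix" in sys.argv  # hypothetical flag for this script
    for api_id, name, stage in audit(boto3.client("apigateway"), remediate=fix):
        print(f"{'FIXED' if fix else 'FAIL'}: {name} ({api_id}) stage {stage}")
```

Run it without arguments for a read-only report, which needs only `apigateway:GET`; enabling tracing additionally needs `apigateway:PATCH` on the stage.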

