More Info:

Ensure XRAY is enabled for API Gateway

Risk Level

Low

Address

Reliability, Operational Maturity, Security

Compliance Standards

CBP

Triage and Remediation

Check Cause

Using Console

  1. Sign in to the AWS Management Console.
  2. Navigate to the API Gateway console. You can do this by typing “API Gateway” into the search bar at the top of the console, then selecting “API Gateway” from the dropdown menu.
  3. In the API Gateway console, select the API you want to check.
  4. In the settings for the selected API, look for the “Tracing” section. If X-Ray is enabled, there will be a checkmark next to “Enable X-Ray Tracing”. If there is no checkmark, then X-Ray is not enabled for this API.
  1. Install and configure AWS CLI: Before you can start using AWS CLI, you need to install it on your local machine and configure it with your AWS account credentials. You can do this by running the following commands: Installation: 
    pip install awscli
    Configuration: 
    aws configure
    You will be prompted to provide your AWS Access Key ID, Secret Access Key, Default region name, and Default output format.
  2. List all API Gateways: Use the following AWS CLI command to list all the API Gateways in your AWS account: 
    aws apigateway get-rest-apis
    This command will return a list of all the REST APIs in your account. Note down the “id” of the API Gateway you want to check.
  3. Get API Gateway details: Use the following AWS CLI command to get the details of the specific API Gateway: 
    aws apigateway get-rest-api --rest-api-id {api-id}
    Replace "" with the id of the API Gateway you noted down in the previous step. This command will return the details of the API Gateway.
  4. Check X-Ray tracing: In the output of the previous command, look for the “tracingEnabled” field. If the value of this field is “true”, then X-Ray tracing is enabled for the API Gateway. If the value is “false” or the field is not present, then X-Ray tracing is not enabled.
  1. Install the necessary Python libraries: Before you start, you need to install the AWS SDK for Python (Boto3) in your environment. This can be done using pip: 
    pip install boto3
  2. Configure AWS Credentials: You need to configure your AWS credentials. You can configure it in several ways, but the simplest is to use the AWS CLI: 
    aws configure
    You’ll be prompted to enter your AWS Access Key ID, Secret Access Key, default region name, and default output format.
  3. Create a Python script to list all API Gateway and check if X-Ray is enabled: 
    import boto3

def check_xray_enabled():
    client = boto3.client('apigateway')
    response = client.get_rest_apis()

    for api in response['items']:
        if 'xrayTracingEnabled' in api:
            if api['xrayTracingEnabled']:
                print(f"X-Ray is enabled for API Gateway: {api['name']}")
            else:
                print(f"X-Ray is not enabled for API Gateway: {api['name']}")
        else:
            print(f"X-Ray is not enabled for API Gateway: {api['name']}")

if __name__ == "__main__":
    check_xray_enabled()
    This script will list all your API Gateways and check if X-Ray is enabled. If it’s enabled, it will print “X-Ray is enabled for API Gateway: ”, otherwise it will print “X-Ray is not enabled for API Gateway: ”.
  4. Run the Python script: You can run the Python script using the following command: 
    python check_xray_enabled.py
    This will print the status of X-Ray for all your API Gateways.