More Info:

Ensure that response caching is enabled for your Amazon API Gateway REST APIs in order to enhance API responsiveness and decrease latency.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Triage and Remediation

Check Cause

Using Console

  1. Sign in to the AWS Management Console and open the Amazon API Gateway console at https://console.aws.amazon.com/apigateway/.
  2. In the navigation pane, choose the API Gateway service.
  3. In the APIs list, select the API you want to check.
  4. In the API details page, select the “Stages” option from the left side menu.
  5. In the Stages section, select the stage for which you want to check the API cache.
  6. In the Stage Editor panel, under the “Settings” tab, look for the “Cache Settings” section. If the “Enable API cache” checkbox is checked, then the API cache is enabled. If it’s not checked, then the API cache is not enabled.

Using CLI

  1. Install and configure AWS CLI: Before you can start using AWS CLI, you need to install it on your local system. You can download it from the official AWS website. After installation, you need to configure it with your AWS account credentials. You can do this by running the command aws configure and then entering your Access Key ID, Secret Access Key, Default region name, and Default output format when prompted.
  2. List all the APIs: Use the get-rest-apis command to list all the APIs in your AWS account. The command is as follows:
    aws apigateway get-rest-apis
    
    This command will return a list of all the APIs in your account, along with their details.
  3. Get the stages of a specific API: The cache setting is stored on each stage, not on the API itself. Once you have the list of APIs, you can get the stages of a specific API by using the get-stages command along with the API’s ID. The command is as follows:
    aws apigateway get-stages --rest-api-id {api-id}
    
    Replace {api-id} with the ID of the API you want to check. This command will return the stages of the specified API along with their settings.
  4. Check the API Cache setting: In the details returned by the get-stages command, look for the cacheClusterEnabled field on each stage. If this field is set to true, then the API Cache is enabled for that stage. If it is set to false or if the field is not present, then the API Cache is not enabled.

Using Python

To check if API Cache is enabled in API Gateway using Python scripts, you can use the Boto3 library, which allows you to directly interact with AWS services, including API Gateway. Here are the steps:
  1. Install Boto3: First, you need to install the Boto3 library in your Python environment. You can do this using pip:
    pip install boto3
    
  2. Configure AWS Credentials: Boto3 needs your AWS credentials (access key and secret access key) to interact with AWS services. You can configure it using the AWS CLI:
    aws configure
    
    Then, input your access key, secret access key, and your preferred AWS region when prompted.
  3. Create a Python Script: Now, you can create a Python script that uses Boto3 to interact with API Gateway and check if API Cache is enabled. Here’s a basic example:
    import boto3
    
    def check_api_cache():
        client = boto3.client('apigateway')
    
        # get_rest_apis returns results one page at a time, so use a
        # paginator to make sure every REST API in the account is checked.
        paginator = client.get_paginator('get_rest_apis')
        for page in paginator.paginate():
            for api in page['items']:
                api_id = api['id']
                # cacheClusterEnabled is a per-stage setting.
                stage_response = client.get_stages(restApiId=api_id)
    
                for stage in stage_response['item']:
                    if stage.get('cacheClusterEnabled'):
                        print(f"API Cache is enabled for API {api_id} in stage {stage['stageName']}")
                    else:
                        print(f"API Cache is not enabled for API {api_id} in stage {stage['stageName']}")
    
    if __name__ == "__main__":
        check_api_cache()
    
    This script retrieves all REST APIs and their stages, then checks if the ‘cacheClusterEnabled’ attribute is present and set to True.
  4. Run the Python Script: Finally, you can run the Python script using a Python interpreter:
    python check_api_cache.py
    
    The script will print out whether API Cache is enabled for each API and stage.
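
The checks above look only at the stage-level cacheClusterEnabled flag. The following added example (not part of the original page) classifies each stage from a get_stages response offline, also taking cacheClusterStatus and the per-method cachingEnabled setting in methodSettings into account. SAMPLE_STAGES is constructed data, and the names classify_stage and audit_stages and the four state labels are assumptions made for illustration.

```python
# Added example: classify API Gateway stages from a get_stages response.
# SAMPLE_STAGES is constructed data shaped like the get_stages output.

SAMPLE_STAGES = {
    "item": [
        {   # cache cluster available and caching turned on for all methods
            "stageName": "prod",
            "cacheClusterEnabled": True,
            "cacheClusterStatus": "AVAILABLE",
            "methodSettings": {"*/*": {"cachingEnabled": True, "cacheTtlInSeconds": 300}},
        },
        {   # cluster available, but no method setting turns caching on
            "stageName": "staging",
            "cacheClusterEnabled": True,
            "cacheClusterStatus": "AVAILABLE",
            "methodSettings": {"*/*": {"cachingEnabled": False}},
        },
        {   # cluster requested but still being created
            "stageName": "canary",
            "cacheClusterEnabled": True,
            "cacheClusterStatus": "CREATE_IN_PROGRESS",
            "methodSettings": {"*/*": {"cachingEnabled": True}},
        },
        {"stageName": "dev", "cacheClusterEnabled": False},
    ]
}


def classify_stage(stage):
    """Return 'disabled', 'pending', 'cluster-only' or 'caching' for one stage."""
    # A missing cacheClusterEnabled field is treated the same as false.
    if not stage.get("cacheClusterEnabled", False):
        return "disabled"
    # Any status other than AVAILABLE means the cluster is not serving yet.
    if stage.get("cacheClusterStatus") != "AVAILABLE":
        return "pending"
    methods = stage.get("methodSettings", {})
    if any(m.get("cachingEnabled") for m in methods.values()):
        return "caching"
    return "cluster-only"  # cluster exists, but no method caches responses


def audit_stages(stages_response):
    """Map each stage name to its classification."""
    return {s["stageName"]: classify_stage(s) for s in stages_response.get("item", [])}


if __name__ == "__main__":
    for name, state in audit_stages(SAMPLE_STAGES).items():
        print(f"{name}: {state}")
```

To use it against a live account, pass the dictionary returned by client.get_stages(restApiId=api_id) to audit_stages.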

Additional Reading: