More Info:

Active tracing should be enabled for your Amazon API Gateway API stages to sample incoming requests and send traces to AWS X-Ray. X-Ray can then give you an end-to-end view of an entire HTTP request, so you can analyze latencies in your APIs and their backend services.

Risk Level

Low

Address

Operational Maturity, Security

Compliance Standards

CBP

Triage and Remediation

Check Cause

Using Console

  1. Sign in to the AWS Management Console and open the Amazon API Gateway console at https://console.aws.amazon.com/apigateway/.
  2. In the navigation pane, choose ‘APIs’.
  3. Select the API you want to check, then in the ‘Stages’ section, select the stage you want to inspect.
  4. In the ‘Logs/Tracing’ tab, look at the ‘Enable X-Ray Tracing’ checkbox. If it’s not checked, Active Tracing is not enabled for that API Gateway Stage.

Using CLI

  1. First, install and configure the AWS CLI on your local machine by following the instructions provided by AWS. Make sure you have the necessary permissions to access the API Gateway.
  2. Once the AWS CLI is installed and configured, you can list all the APIs in your account by running the following command:
    aws apigateway get-rest-apis
    
    This command will return a list of all the APIs in your account.
  3. For each API, you can list all the stages by running the following command:
    aws apigateway get-stages --rest-api-id <rest-api-id>
    
    Replace <rest-api-id> with the ID of the API you want to check. This command will return a list of all the stages for the specified API.
  4. For each stage, you can check if active tracing is enabled by looking at the tracingEnabled field in the output. If this field is set to false, then active tracing is not enabled for that stage.

Using Python

  1. Install the necessary Python libraries: Before you start, make sure you have the necessary Python libraries installed. You will need the boto3 library, which is the Amazon Web Services (AWS) SDK for Python. It allows Python developers to write software that makes use of services like Amazon S3, Amazon EC2, and others. You can install it using pip:
    pip install boto3
    
  2. Set up AWS credentials: You need to configure your AWS credentials. You can set your credentials for use by boto3 in several ways, but the simplest is to use the AWS CLI. Run aws configure and then enter your access key, secret access key, and default region when prompted.
  3. Write a Python script to check the active tracing status: You can use the get_stage method provided by the boto3 library to retrieve the information about a specific stage for a RestApi resource. The tracingEnabled attribute in the response indicates whether active tracing is enabled for the API Gateway stage. Here is a sample script:
    import boto3
    
    # Uses the credentials and default region set up with `aws configure`.
    client = boto3.client('apigateway')
    
    # Retrieve the definition of one stage of one REST API.
    response = client.get_stage(
        restApiId='your_rest_api_id',
        stageName='your_stage_name'
    )
    
    # tracingEnabled is True when X-Ray active tracing is on for the stage.
    if 'tracingEnabled' in response:
        if response['tracingEnabled']:
            print("Active tracing is enabled for this API Gateway stage.")
        else:
            print("Active tracing is not enabled for this API Gateway stage.")
    else:
        print("The 'tracingEnabled' attribute is not present in the response.")
    
    Replace ‘your_rest_api_id’ and ‘your_stage_name’ with your actual RestApi ID and stage name.
  4. Run the script: Save the script to a file, then run it using your Python interpreter. The script will print a message indicating whether active tracing is enabled for the specified API Gateway stage. If the ‘tracingEnabled’ attribute is not present in the response, the script will print a message indicating this.
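
The per-stage check above can be extended to every REST API and stage in the configured region. The following is an added example, not part of the original page: it goes beyond the single-stage script by following the `position` paging token of `get_rest_apis`, and it assumes that a stage with no `tracingEnabled` field should be reported as disabled. `FakeClient` and its IDs and names are constructed so the logic runs without AWS access.

```python
"""Audit every REST API stage in one region for X-Ray active tracing."""


def stages_without_tracing(client):
    """Return sorted (api_id, api_name, stage_name) tuples with tracing off.

    client: a boto3 'apigateway' client, or any object with the same
    get_rest_apis / get_stages methods.
    """
    findings = []
    kwargs = {"limit": 500}  # largest page size get_rest_apis accepts
    while True:
        page = client.get_rest_apis(**kwargs)
        for api in page.get("items", []):
            stages = client.get_stages(restApiId=api["id"]).get("item", [])
            for stage in stages:
                # Assumption: a stage with no tracingEnabled key counts as disabled.
                if not stage.get("tracingEnabled", False):
                    findings.append(
                        (api["id"], api.get("name", ""), stage["stageName"]))
        # Results are paged with an opaque 'position' token.
        if not page.get("position"):
            return sorted(findings)
        kwargs["position"] = page["position"]


class FakeClient:
    """Constructed stand-in for the boto3 client (IDs and names are made up)."""
    PAGES = {
        None: {"items": [{"id": "a1b2c3", "name": "orders"}], "position": "p2"},
        "p2": {"items": [{"id": "d4e5f6", "name": "billing"}]},
    }
    STAGES = {
        "a1b2c3": [{"stageName": "prod", "tracingEnabled": True},
                   {"stageName": "dev", "tracingEnabled": False}],
        "d4e5f6": [{"stageName": "prod"}],
    }

    def get_rest_apis(self, limit=25, position=None):
        return self.PAGES[position]

    def get_stages(self, restApiId):
        return {"item": self.STAGES[restApiId]}


if __name__ == "__main__":
    import boto3  # imported here so the audit function has no AWS dependency
    for api_id, name, stage in stages_without_tracing(boto3.client("apigateway")):
        print(f"{api_id}\t{name}\t{stage}\ttracing disabled")
```

Run as a script, it audits only the region of the default boto3 session; repeat per region for full account coverage.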

Additional Reading: