Active Tracing Should Be Enabled For API Gateway Stages
More Info:
Active tracing should be enabled for your Amazon API Gateway API stages to sample incoming requests and send traces to AWS X-Ray. Then X-Ray can provide you an end-to-end view of an entire HTTP request, so you can analyze latencies in your APIs and their backend services.Risk Level
LowAddress
Operational Maturity, SecurityCompliance Standards
CBPTriage and Remediation
Check Cause
Using Console
Using Console
- Sign in to the AWS Management Console and open the Amazon API Gateway console at https://console.aws.amazon.com/apigateway/.
- In the navigation pane, choose ‘APIs’.
- Select the API you want to check, then in the ‘Stages’ section, select the stage you want to inspect.
- In the ‘Logs/Tracing’ tab, check the ‘Enable X-Ray Tracing’ box. If it’s not checked, Active Tracing is not enabled for that API Gateway Stage.
Using CLI
Using CLI
- First, you need to install and configure AWS CLI on your local machine. You can do this by following the instructions provided by AWS. Make sure you have the necessary permissions to access the API Gateway.
-
Once the AWS CLI is installed and configured, you can list all the APIs in your account by running the following command:
This command will return a list of all the APIs in your account.
-
For each API, you can list all the stages by running the following command:
Replace
<rest-api-id>with the ID of the API you want to check. This command will return a list of all the stages for the specified API. -
For each stage, you can check if active tracing is enabled by looking at the
tracingEnabledfield in the output. If this field is set tofalse, then active tracing is not enabled for that stage.
Using Python
Using Python
-
Install the necessary Python libraries: Before you start, make sure you have the necessary Python libraries installed. You will need the boto3 library, which is the Amazon Web Services (AWS) SDK for Python. It allows Python developers to write software that makes use of services like Amazon S3, Amazon EC2, and others. You can install it using pip:
-
Set up AWS credentials: You need to configure your AWS credentials. You can set your credentials for use by boto3 in several ways, but the simplest is to use the AWS CLI. Run
aws configureand then enter your access key, secret access key, and default region when prompted. -
Write a Python script to check the active tracing status: You can use the
get_stagemethod provided by the boto3 library to retrieve the information about a specific stage for a RestApi resource. ThetracingEnabledattribute in the response indicates whether active tracing is enabled for the API Gateway stage. Here is a sample script:Replace ‘your_rest_api_id’ and ‘your_stage_name’ with your actual RestApi ID and stage name. - Run the script: Save the script to a file, then run it using your Python interpreter. The script will print a message indicating whether active tracing is enabled for the specified API Gateway stage. If the ‘tracingEnabled’ attribute is not present in the response, the script will print a message indicating this.