Ensure that your Amazon API Gateway REST APIs are configured to encrypt API cached responses in order to protect data while in transit (as it travels to and from Amazon API Gateway).
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When working with production and sensitive data, it is strongly recommended to enforce encryption for API cached responses in order to protect your data from unauthorized access and fulfill compliance requirements for API data encryption within your organization. This prevents potential attackers from gaining access to the API's data in the event of data interception and theft.
Audit
To determine if your REST API stage-level cached responses are encrypted, perform the following actions:
Remediation / Resolution
To enable stage-level cache encryption for your existing Amazon API Gateway REST APIs, perform the following actions:
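One way to run the audit offline and prepare the fix, as an added example that is not part of the original page or of Conformity's own procedure: it reads the JSON returned by `aws apigateway get-stages`, reports method settings where caching is enabled without encryption, and builds the patch operations for `aws apigateway update-stage`. The stage names and the `~1orders/GET` method setting are constructed sample data.

```python
import json

# Constructed sample of `aws apigateway get-stages --rest-api-id <id>` output.
SAMPLE_STAGES = json.loads("""
{"item": [
  {"stageName": "prod", "cacheClusterEnabled": true, "methodSettings": {
     "*/*": {"cachingEnabled": true, "cacheDataEncrypted": false},
     "~1orders/GET": {"cachingEnabled": true, "cacheDataEncrypted": true}}},
  {"stageName": "staging", "cacheClusterEnabled": true, "methodSettings": {
     "*/*": {"cachingEnabled": true, "cacheDataEncrypted": true}}},
  {"stageName": "dev", "cacheClusterEnabled": false, "methodSettings": {}}
]}
""")


def unencrypted_cache_settings(stages):
    """Return {stageName: [method setting keys]} where caching is enabled
    but cached responses are not encrypted."""
    findings = {}
    for stage in stages.get("item", []):
        if not stage.get("cacheClusterEnabled"):
            continue  # no cache cluster, so nothing is cached for this stage
        bad = [key for key, setting in stage.get("methodSettings", {}).items()
               if setting.get("cachingEnabled")
               and not setting.get("cacheDataEncrypted")]
        if bad:
            findings[stage["stageName"]] = sorted(bad)
    return findings


def patch_operations(setting_keys):
    """Build update-stage patch operations that turn on cache encryption.
    A key such as "*/*" maps to the path /*/*/caching/dataEncrypted."""
    return [{"op": "replace",
             "path": f"/{key}/caching/dataEncrypted",
             "value": "true"} for key in setting_keys]


if __name__ == "__main__":
    for stage_name, keys in unencrypted_cache_settings(SAMPLE_STAGES).items():
        # Pass the printed JSON to update-stage via --patch-operations.
        print(stage_name, json.dumps(patch_operations(keys)))
```
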
Enable Encryption for API Cache
Risk Level: High