Ensure that active tracing with X-Ray is enabled for your Amazon API Gateway API stages in order to sample incoming requests and send traces to Amazon X-Ray. Once this feature is enabled, the X-Ray service will trace and analyze user requests as the requests travel through your API Gateway APIs to the underlying services.
This rule can help you with the following compliance standards:
- MAS
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
excellence
When an API stage has active tracing enabled, the Amazon API Gateway service automatically samples API invocation requests based on the sampling algorithm specified by Amazon X-Ray. Then X-Ray can provide you an end-to-end view of an entire HTTP request, so you can analyze latencies found in your APIs and their backend services.
Note: API Gateway supports active tracing for all API Gateway endpoint types, i.e. regional, private, and edge-optimized. You can enable active tracing for your APIs in all AWS regions where X-Ray service is available.
Audit
To determine if your API Gateway API stages have active tracing enabled, perform the following operations:
Remediation / Resolution
To enable X-Ray tracing (also known as active tracing) for your Amazon API Gateway APIs, perform the following operations:
References
- AWS Documentation
- Amazon API Gateway FAQs
- What is Amazon API Gateway
- Tracing User Requests to REST APIs Using X-Ray
- Setting Up AWS X-Ray with API Gateway REST APIs
- AWS Command Line Interface (CLI) Documentation
- apigateway
- get-rest-apis
- get-stages
- update-stage
- CloudFormation Documentation
- Amazon API Gateway resource type reference
- Terraform Documentation
- AWS Provider