CloudWatch Logs Missing For API Gateway
Risk Level: Medium
Description:
This plugin ensures that CloudWatch Logs are enabled for Amazon API Gateway, so that execution behavior can be tracked and analyzed at the API stage level and issues with request execution or client access to the API can be debugged.
About the Service:
API (Application Programming Interface) Gateway is an AWS service that sits between the client and many backend services. It is used to create, deploy, and manage RESTful APIs and WebSocket APIs.
Impact:
Without these logs, we cannot analyze execution behavior or debug issues at the API stage level. Troubleshooting any problem that arises with the API becomes much harder.
Steps to reproduce:
- Log in to AWS Management Console.
- Navigate to the API Gateway Dashboard.
- On the top left, select the APIs option.
- Choose the API to examine from the list of APIs.
- On the selected API, click on its name to access the details.
- In the selected submenu, select the Stages option.
- Select the API stage to examine, then open the Logs tab in the API Stage Editor.
- In the CloudWatch Settings section, verify whether the Enable CloudWatch Logs box is checked.
- If the box is unchecked, no logs are produced, i.e. CloudWatch Logs are missing.
Steps for remediation:
- Log in to AWS Management Console.
- Navigate to the API Gateway Dashboard.
- On the top left, select the APIs option.
- Choose the API to examine from the list of APIs.
- On the selected API, click on its name to access the details.
- In the selected submenu, select the Stages option.
- Select the API stage to examine, then open the Logs tab in the API Stage Editor.
- In the CloudWatch Settings section, verify whether the Enable CloudWatch Logs box is checked.
- If the box is unchecked, check the Enable CloudWatch Logs box.
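The console check and fix above can also be scripted. The following is an added example, not part of the original article or the plugin's own code: it covers REST APIs only and assumes the console checkbox corresponds to the stage-wide `*/*` method setting. The function names and the sample stage data are constructed for illustration.

```python
"""Audit REST API stages for missing CloudWatch execution logs (added example)."""

STAGE_DEFAULT = "*/*"  # method-settings key that holds the stage-wide defaults


def logging_level(stage):
    """Return the stage-wide loggingLevel, or "OFF" when none is set."""
    settings = stage.get("methodSettings", {}).get(STAGE_DEFAULT, {})
    return settings.get("loggingLevel", "OFF")


def stages_missing_logs(stages):
    """Names of stages whose stage-wide CloudWatch logging is off."""
    return [s["stageName"] for s in stages if logging_level(s) == "OFF"]


def enable_logs_patch(level="ERROR"):
    """patchOperations for update_stage that turn stage-wide logging on."""
    if level not in ("ERROR", "INFO"):
        raise ValueError("level must be ERROR or INFO")
    return [{"op": "replace", "path": "/*/*/logging/loglevel", "value": level}]


def audit_account(region):
    """Live check: needs boto3 and credentials; returns {api name: [stages]}."""
    import boto3  # imported here so the offline sample below runs without it
    client = boto3.client("apigateway", region_name=region)
    findings = {}
    for page in client.get_paginator("get_rest_apis").paginate():
        for api in page["items"]:
            stages = client.get_stages(restApiId=api["id"])["item"]
            missing = stages_missing_logs(stages)
            if missing:
                findings[api["name"]] = missing
    return findings


# Constructed sample in the shape of get_stages()["item"]; not real account data.
SAMPLE_STAGES = [
    {"stageName": "prod", "methodSettings": {"*/*": {"loggingLevel": "INFO"}}},
    {"stageName": "dev", "methodSettings": {"*/*": {"loggingLevel": "OFF"}}},
    {"stageName": "test", "methodSettings": {}},
]

if __name__ == "__main__":
    print(stages_missing_logs(SAMPLE_STAGES))
```

To remediate a flagged stage, pass the result of `enable_logs_patch()` as `patchOperations` to the `update_stage` call for that `restApiId` and `stageName`.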