
Metadata

Id: 2059155b-27fd-441e-b616-6966c468561f

Cloud Provider: AWS

Platform: Ansible

Severity: Low

Category: Observability

Description

API Gateway resources should have AWS X-Ray tracing enabled to provide end-to-end request visibility and support detection of anomalous or malicious activity. For Ansible tasks that use the community.aws.api_gateway or api_gateway modules, set the tracing_enabled property to true. Tasks missing tracing_enabled or with tracing_enabled: false are flagged because they disable observability needed for effective incident response and root-cause analysis.

Secure Ansible task example:

- name: Configure API Gateway with X-Ray tracing
  community.aws.api_gateway:
    name: my-api
    tracing_enabled: true

Compliant Code Examples

- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: true
    endpoint_type: EDGE
    state: present

Non-Compliant Code Examples

---
- name: Setup AWS API Gateway setup on AWS and deploy API definition
  community.aws.api_gateway:
    swagger_file: my_api.yml
    stage: production
    cache_enabled: true
    cache_size: '1.6'
    tracing_enabled: false  # Flagged: X-Ray tracing explicitly disabled
    endpoint_type: EDGE
    state: present
- name: Update API definition to deploy new version
  # Flagged: tracing_enabled is not set on this task
  community.aws.api_gateway:
    api_id: 'abc123321cba'
    swagger_file: my_api.yml
    deploy_desc: Make auth fix available.
    cache_enabled: true
    cache_size: '1.6'
    endpoint_type: EDGE
    state: present
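
The check described above, sketched as an added Python example (not Datadog's rule implementation). It assumes the playbook has already been parsed into a list of task dictionaries, and it goes slightly beyond the description by descending into block/rescue/always sections and accepting the string forms Ansible coerces to true; the function names and sample tasks are constructed for illustration.

```python
MODULES = {"community.aws.api_gateway", "api_gateway"}
TRUTHY = {"true", "yes", "on", "y", "t", "1"}  # string forms Ansible coerces to true


def is_true(value):
    """Interpret a parsed YAML value the way Ansible coerces booleans."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def walk(tasks):
    """Yield every leaf task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        sections = [task[k] for k in ("block", "rescue", "always") if k in task]
        if sections:
            for section in sections:
                yield from walk(section)
        else:
            yield task


def find_untraced(tasks):
    """Return (task name, reason) for each API Gateway task lacking tracing."""
    findings = []
    for task in walk(tasks):
        for module in task.keys() & MODULES:
            args = task[module] if isinstance(task[module], dict) else {}
            name = task.get("name", "<unnamed>")
            if "tracing_enabled" not in args:
                findings.append((name, "tracing_enabled missing"))
            elif not is_true(args["tracing_enabled"]):
                findings.append((name, "tracing_enabled not true"))
    return findings


# Constructed sample: tasks in the shape a YAML loader returns for a playbook.
SAMPLE = [
    {"name": "off", "community.aws.api_gateway": {"stage": "production", "tracing_enabled": False}},
    {"name": "unset", "api_gateway": {"api_id": "abc123321cba", "state": "present"}},
    {"name": "group", "block": [
        {"name": "on", "community.aws.api_gateway": {"stage": "production", "tracing_enabled": "yes"}},
    ]},
]

if __name__ == "__main__":
    for name, reason in find_untraced(SAMPLE):
        print(f"{name}: {reason}")
```

A templated value such as a Jinja expression is reported as not true, since its runtime value cannot be known from the file alone.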