Description

This control evaluates whether execution logging is enabled for all stages of an Amazon API Gateway REST API. The control passes only if the logging level has been configured for each API method within the API stage. The logging level must be set to either ERROR or INFO.

For API Gateway REST API stages, it’s important to have appropriate logging enabled. Logging for these stages provides comprehensive records of the requests processed by API Gateway REST APIs. This includes details such as backend responses from API integrations, Lambda authorizer responses, and the request ID associated with AWS integration endpoints.

Remediation

To learn how to configure execution logging for API Gateway REST APIs, refer to the Set up CloudWatch API logging using the API Gateway console section of the API Gateway Developer Guide documentation.