Amazon API Gateway Best Practices
Enable AWS WAF Integration
Associate an AWS WAF web ACL with each Amazon API Gateway API stage to protect it from common web exploits such as SQL injection and cross-site scripting before requests reach the backend.
Enable SSL Client Certificate
Use API Gateway-generated client-side SSL certificates so that HTTP backends can verify that requests originate from your API Gateway APIs and not from any caller that has discovered the backend URL.
Rotate Expiring SSL Client Certificates
Rotate the client-side SSL certificates associated with API Gateway stages before they expire; API Gateway-generated client certificates are valid for 365 days, and a backend that validates the certificate will reject requests from a stage whose certificate has expired.
Enable AWS CloudWatch Logs for APIs
Ensure that stages of APIs created with Amazon API Gateway have CloudWatch execution logging enabled (and, ideally, access logging as well), so that requests and errors can be investigated.
Enable Content Encoding
Ensure that APIs created with Amazon API Gateway have Content Encoding (payload compression) enabled by setting a minimum compression size, to reduce response payload sizes and data transfer costs.
Enable Detailed CloudWatch Metrics for APIs
Ensure that detailed CloudWatch metrics are enabled for Amazon API Gateway API stages, so that metrics such as 4XX/5XX error counts and latency are reported per resource and method rather than only per stage.
</gre_replace>
<gr_replace lines="15" cat="clarify" orig="Ensure APIs created">
Ensure that APIs created with Amazon API Gateway for internal traffic use the PRIVATE endpoint type, so they are reachable only through interface VPC endpoints, and attach a resource policy that restricts which VPC endpoints may invoke them.
API Gateway Private Endpoints
Ensure APIs created with Amazon API Gateway are only accessible via private endpoints.
Enable Active Tracing
Ensure that stages of APIs created with Amazon API Gateway have active tracing enabled, so that requests are traced through to downstream services with AWS X-Ray.
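As an added example (not code from this page or from AWS), the following Python script evaluates Amazon API Gateway REST API and stage settings against the checks above. It runs offline over dicts shaped like the responses of boto3's get_rest_api, get_stage and get_client_certificate; the API IDs, ARNs, dates and resource policy are constructed for the example, and the 30-day rotation window is an assumed threshold.

```python
"""Offline audit of Amazon API Gateway REST API and stage settings against
the checks on this page. Added example, not code from the page's source;
the dicts mirror the shape of boto3's get_rest_api / get_stage /
get_client_certificate responses, and every sample value is constructed."""
from datetime import datetime, timedelta, timezone
from typing import Optional


def audit_stage(api: dict, stage: dict, client_cert: Optional[dict],
                now: datetime, cert_warn_days: int = 30) -> list:
    """Return a list of findings (empty when every check passes)."""
    findings = []
    # Stage-wide method settings live under the "*/*" key of methodSettings.
    settings = stage.get("methodSettings", {}).get("*/*", {})

    # Enable AWS WAF Integration: a web ACL is associated per stage.
    if not stage.get("webAclArn"):
        findings.append("no AWS WAF web ACL associated with the stage")

    # Enable SSL Client Certificate / Rotate Expiring SSL Client Certificates.
    if not stage.get("clientCertificateId"):
        findings.append("no client certificate configured for backend authentication")
    elif client_cert is not None:
        remaining = client_cert["expirationDate"] - now
        if remaining <= timedelta(0):
            findings.append("client certificate has expired")
        elif remaining <= timedelta(days=cert_warn_days):  # assumed 30-day window
            findings.append(
                f"client certificate expires in {remaining.days} days; rotate it")

    # Enable AWS CloudWatch Logs for APIs: loggingLevel is OFF, ERROR or INFO.
    if settings.get("loggingLevel", "OFF") == "OFF":
        findings.append("CloudWatch execution logging is OFF")

    # Enable Content Encoding: the key is absent when compression is disabled.
    if api.get("minimumCompressionSize") is None:
        findings.append("content encoding (payload compression) is disabled")

    # Enable Detailed CloudWatch Metrics for APIs.
    if not settings.get("metricsEnabled", False):
        findings.append("detailed CloudWatch metrics are disabled")

    # API Gateway Private Endpoints: PRIVATE type plus a resource policy.
    if api.get("endpointConfiguration", {}).get("types") != ["PRIVATE"]:
        findings.append("endpoint type is not PRIVATE")
    elif not api.get("policy"):
        findings.append("private API has no resource policy restricting VPC endpoints")

    # Enable Active Tracing.
    if not stage.get("tracingEnabled", False):
        findings.append("X-Ray active tracing is disabled")
    return findings


NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed reference time

# Constructed sample: a freshly created API with default stage settings.
WEAK_API = {"id": "abc123", "name": "orders",
            "endpointConfiguration": {"types": ["REGIONAL"]}}
WEAK_STAGE = {"stageName": "prod", "methodSettings": {}}

# Constructed sample: the same API after the settings above are applied.
# The policy allows invocation only from one (made-up) interface VPC endpoint.
HARDENED_API = {
    "id": "abc123", "name": "orders", "minimumCompressionSize": 1024,
    "endpointConfiguration": {"types": ["PRIVATE"]},
    "policy": ('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
               '"Principal":"*","Action":"execute-api:Invoke",'
               '"Resource":"execute-api:/*","Condition":{"StringEquals":'
               '{"aws:SourceVpce":"vpce-0123456789abcdef0"}}}]}'),
}
HARDENED_STAGE = {
    "stageName": "prod",
    "webAclArn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/orders/0000",
    "clientCertificateId": "cert01",
    "tracingEnabled": True,
    "methodSettings": {"*/*": {"loggingLevel": "INFO", "metricsEnabled": True}},
}
FRESH_CERT = {"clientCertificateId": "cert01", "expirationDate": NOW + timedelta(days=300)}
EXPIRING_CERT = {"clientCertificateId": "cert01", "expirationDate": NOW + timedelta(days=10)}


def weak_findings() -> list:
    return audit_stage(WEAK_API, WEAK_STAGE, None, NOW)


def hardened_findings() -> list:
    return audit_stage(HARDENED_API, HARDENED_STAGE, FRESH_CERT, NOW)


def expiring_cert_findings() -> list:
    return audit_stage(HARDENED_API, HARDENED_STAGE, EXPIRING_CERT, NOW)


if __name__ == "__main__":
    for name, fn in [("weak", weak_findings), ("hardened", hardened_findings),
                     ("expiring cert", expiring_cert_findings)]:
        print(f"{name}: {fn() or ['OK']}")
```

To run this against a real account, replace the constructed dicts with the results of the corresponding boto3 calls for each API and stage. Note what the audit cannot see: it confirms that a client certificate is attached to the stage, but not that the backend actually validates it, and it confirms a resource policy exists on a private API, but not that the policy's conditions are as restrictive as intended; both need a separate check.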