Amazon API Gateway Best Practices
Cloud Conformity monitors Amazon API Gateway following the following rules:
Use AWS WAF to protect Amazon API Gateway APIs from common web exploits.
Ensure APIs created with Amazon API Gateway have active tracing support for AWS X-Ray enabled.
Ensure APIs created with Amazon API Gateway have AWS CloudWatch logging enabled.
Ensure detailed CloudWatch metrics are enabled for Amazon API Gateway APIs stages.
Use client-side SSL certificates for HTTP backend authentication within AWS API Gateway.
Ensure APIs created with Amazon API Gateway have Content Encoding feature enabled.
Ensure APIs created with Amazon API Gateway are only accessible via private endpoints.
Ensure that SSL certificates associated with API Gateway APIs are rotated periodically.
Whether your AWS exploration is just starting to take shape, you’re mid-way through a migration or you’re already running complex workloads in the cloud, Cloud Conformity offers full visibility of your infrastructure and provides continuous assurance it’s secure, optimized and compliant.
Chat with us to set up your onboarding session and start a free trial
Let’s Chat