Amazon API Gateway Best Practices

Knowledge Base Amazon Web Services Amazon API Gateway

Best practice rules for Amazon API Gateway

Cloud Conformity monitors Amazon API Gateway following the following rules:

API Gateway Integrated With AWS WAF
Use AWS WAF to protect Amazon API Gateway APIs from common web exploits.
API Gateway Tracing Enabled
Ensure APIs created with Amazon API Gateway have active tracing support for AWS X-Ray enabled.
APIs CloudWatch Logs
Ensure APIs created with Amazon API Gateway have AWS CloudWatch logging enabled.
APIs Detailed CloudWatch Metrics
Ensure detailed CloudWatch metrics are enabled for Amazon API Gateway APIs stages.
Client Certificate
Use client-side SSL certificates for HTTP backend authentication within AWS API Gateway.
Content Encoding
Ensure APIs created with Amazon API Gateway have Content Encoding feature enabled.
Private Endpoint
Ensure APIs created with Amazon API Gateway are only accessible via private endpoints.
Rotate Expiring SSL Client Certificates
Ensure that SSL certificates associated with API Gateway REST APIs are rotated periodically.