API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Data protection

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
Brazilian General Data Protection (LGPD)
CCPA
coppa
CPRA
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA

Description

API Gateway is a service for creating and managing REST, HTTP, and WebSocket APIs. A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. It was detected that the REST API {AwsApiGatewayEndpoint} has stages: {AwsApiGatewayEndpoint.Stages} with cache data enabled, but cache is not encrypted. This vulnerability increases the risk of data stored on disk being accessed by unauthorized user.

Recommended Mitigation

It is recommended to enable cache data encryption when creating REST API stage that has cache data enabled. It can be done when creating a new stage or by modifying an existing stage. For more information: <a href="https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html</a>

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS