Data protection

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Description

API Gateway is a service for creating and managing REST, HTTP, and WebSocket APIs. A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. The REST API {AwsApiGatewayEndpoint} was detected to have stages ({AwsApiGatewayEndpoint.Stages}) with cache data enabled but without cache encryption. This vulnerability increases the risk of data stored on disk being accessed by an unauthorized user.

Recommended Mitigation

It is recommended to enable cache data encryption on any REST API stage that has cache data enabled. This can be done when creating a new stage or by modifying an existing stage. For more information: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html
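
The same condition can be checked against the output of the API Gateway GetStages call. The following is an added example, not part of the original rule text or the detecting product's own logic. It assumes a stage caches data only when cacheClusterEnabled is true and a method setting has cachingEnabled; the sample response is constructed and the function names are hypothetical.

```python
# Added example: flag API Gateway REST API stages that cache responses unencrypted.
# Input follows the shape of the GetStages response (as returned by boto3's
# apigateway.get_stages); the sample below is constructed, not real data.

SAMPLE_GET_STAGES = {
    "item": [
        {"stageName": "prod", "cacheClusterEnabled": True,
         "methodSettings": {
             "*/*": {"cachingEnabled": True, "cacheDataEncrypted": False},
             "~1pets/GET": {"cachingEnabled": True, "cacheDataEncrypted": True},
         }},
        {"stageName": "staging", "cacheClusterEnabled": True,
         "methodSettings": {
             "*/*": {"cachingEnabled": True, "cacheDataEncrypted": True},
         }},
        {"stageName": "dev", "cacheClusterEnabled": False,
         "methodSettings": {
             "*/*": {"cachingEnabled": False, "cacheDataEncrypted": False},
         }},
    ]
}


def unencrypted_cache_findings(get_stages_response):
    """Return {stage_name: [method setting keys]} for cached-but-unencrypted settings."""
    findings = {}
    for stage in get_stages_response.get("item", []):
        # Assumption: without a provisioned cache cluster nothing is cached.
        if not stage.get("cacheClusterEnabled", False):
            continue
        bad = sorted(
            key for key, s in stage.get("methodSettings", {}).items()
            if s.get("cachingEnabled") and not s.get("cacheDataEncrypted")
        )
        if bad:
            findings[stage["stageName"]] = bad
    return findings


def remediation_patch_ops(method_keys):
    """Build UpdateStage patch operations that turn on cache data encryption."""
    return [
        {"op": "replace", "path": f"/{key}/caching/dataEncrypted", "value": "true"}
        for key in method_keys
    ]


if __name__ == "__main__":
    for stage, keys in unencrypted_cache_findings(SAMPLE_GET_STAGES).items():
        print(stage, keys, remediation_patch_ops(keys))
```

The patch operations are in the form accepted by the UpdateStage API (patchOperations), so each finding maps directly to the change that modifies the existing stage.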