API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Data protection

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
GDPR
HITRUST
NIST 800-53

Description

API Gateway is a service for creating and managing REST, HTTP, and WebSocket APIs. A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. It was detected that the REST API {AwsApiGatewayEndpoint} has stages: {AwsApiGatewayEndpoint.Stages} with cache data enabled, but cache is not encrypted. This vulnerability increases the risk of data stored on disk being accessed by unauthorized user.

Recommended Mitigation

It is recommended to enable cache data encryption when creating REST API stage that has cache data enabled. It can be done when creating a new stage or by modifying an existing stage. For more information: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

API Gateway REST API with stages that have cache data enabled but cache is not encrypted

Description

Need help?