- AWS Audit
- API Gateway Audit
Checks Performed
- API Gateway Should Be Integrated With WAF
- Active Tracing Should Be Enabled For API Gateway Stages
- Cloudwatch Logs Must Be Enabled For All APIs
- Cloudwatch Metrics Must Be Enabled For All APIs
- API Gateway APIs Should Use SSL Certificates
- Content Encoding Should Be Enabled For APIs
- Only Private End-Points Should Access APIs
- Expiring SSL Client Certificates Should Be Rotated