🛡️ AWS API Gateway REST API Detailed CloudWatch Metrics are not enabled🟢
- Contextual name: 🛡️ REST API Detailed CloudWatch Metrics are not enabled🟢
- ID: /ce/ca/aws/apigateway/rest-api-detailed-cloudwatch-metrics
- Tags:
  - 🟢 Policy with categories
  - 🟢 Policy with type
  - 🟢 Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: RELIABILITY
Logic
- 🧠 prod.logic.yaml🟢
Similar Policies
- Cloud Conformity: APIs Detailed CloudWatch Metrics
Description
This policy identifies REST API Gateways where none of the related Stages have Detailed CloudWatch Metrics enabled. Detailed metrics allow monitoring of API stage caching, latency, and error rates at a more granular level, facilitating the configuration of precise alarms.
Rationale
By default, API Gateway reports metrics at the stage level. Enabling Detailed CloudWatch Metrics provides additional metrics at the method level (e.g., `GET /resource`), including `Latency`, `IntegrationLatency`, `4XXError`, and `5XXError`. These granular metrics are critical for:
- Identifying specific performance bottlenecks
- Debugging issues at the individual method level
- Ensuring the reliability and operational health of API endpoints
Audit
This policy targets REST APIs. An API Gateway API is flagged as `INCOMPLIANT` when at least one associated API Gateway Stage has `CloudWatch Detailed Metrics Enabled` set to False or there is no API Gateway Stage associated with it.
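The Audit rule above, applied to stage data, as an added example (not Cloudaware's own policy logic). It assumes input shaped like the `item` list returned by `aws apigateway get-stages`, that the stage-wide setting is read from `methodSettings["*/*"]["metricsEnabled"]`, and that `COMPLIANT` is the label for the passing case; the API IDs and stage names are constructed.

```python
"""Evaluate the Audit rule over constructed API Gateway stage data (added example)."""

# Constructed sample: REST API id -> stages, shaped like the `item` list
# from `aws apigateway get-stages`. IDs and stage names are made up.
SAMPLE_STAGES = {
    "a1b2c3d4e5": [
        {"stageName": "prod", "methodSettings": {"*/*": {"metricsEnabled": True}}},
        {"stageName": "dev", "methodSettings": {"*/*": {"metricsEnabled": False}}},
    ],
    "f6g7h8i9j0": [
        {"stageName": "prod", "methodSettings": {"*/*": {"metricsEnabled": True}}},
    ],
    "k1l2m3n4o5": [],  # API with no stage associated
    "p6q7r8s9t0": [{"stageName": "test", "methodSettings": {}}],  # defaults only
}


def stage_has_detailed_metrics(stage):
    """Assumption: the stage-wide setting lives under the "*/*" key.

    Per-method overrides (other keys) are not counted as stage-wide coverage.
    """
    settings = stage.get("methodSettings") or {}
    return settings.get("*/*", {}).get("metricsEnabled") is True


def evaluate_api(stages):
    """Return (status, reason) following the Audit rule on this page."""
    if not stages:
        return "INCOMPLIANT", "no stage associated with the API"
    missing = sorted(s["stageName"] for s in stages
                     if not stage_has_detailed_metrics(s))
    if missing:
        return "INCOMPLIANT", "detailed metrics disabled on: " + ", ".join(missing)
    # "COMPLIANT" is an assumed label; the page only names INCOMPLIANT.
    return "COMPLIANT", "all stages have detailed metrics enabled"


def audit(apis):
    """Map each API id to its (status, reason) pair."""
    return {api_id: evaluate_api(stages) for api_id, stages in apis.items()}


if __name__ == "__main__":
    for api_id, (status, reason) in audit(SAMPLE_STAGES).items():
        print(f"{api_id}: {status} ({reason})")
```
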
Remediation
Enable Detailed CloudWatch Metrics
From Console
1. Log in to the AWS Console.
2. Navigate to the API Gateway service.
3. In the navigation panel, select APIs to view all API Gateway APIs.
4. Click the API you want to reconfigure.
5. Select Stages from the API menu to access its stages.
6. Click the stage you want to modify and open the Logs/Tracing tab.
7. In the CloudWatch Settings section, enable Detailed CloudWatch Metrics and click Save Changes. Once enabled, each API method will start generating metrics such as API calls, Latency, Integration Latency, 4XX, and 5XX errors.
8. Repeat steps 6–7 for all stages of the selected API.
9. Repeat steps 4–8 for each API in the current AWS region.
10. Switch regions from the navigation bar and repeat the process for other regions.
From Command Line
- Use the `update-stage` command to enable detailed CloudWatch metrics for a specific API stage. Each method in the stage will start generating metrics such as API calls, Latency, Integration Latency, 4XX, and 5XX errors: ...
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AWS Well-Architected → 💼 REL06-BP02 Define and calculate metrics (Aggregation) | 1 | no data | | | |
| 💼 Cloudaware Framework → 💼 System Configuration | 54 | no data | | | |