Remediation
Enable Detailed CloudWatch Metricsβ
From Consoleβ
- Log in to the AWS Console.
- Navigate to the API Gateway service.
- In the navigation panel, select APIs to view all API Gateway APIs.
- Click the API you want to reconfigure.
- Select Stages from the API menu to access its stages.
- Click the stage you want to modify and open the Logs/Tracing tab.
- In the CloudWatch Settings section, enable Detailed CloudWatch Metrics and click Save Changes. Once enabled, each API method will start generating metrics such as API calls, Latency, Integration Latency, 4XX, and 5XX errors.
- Repeat steps 6β7 for all stages of the selected API.
- Repeat steps 4β8 for each API in the current AWS region.
- Switch regions from the navigation bar and repeat the process for other regions.
From Command Lineβ
-
Use the
update-stagecommand to enable detailed CloudWatch metrics for a specific API stage. Each method in the stage will start generating metrics such as API calls, Latency, Integration Latency, 4XX, and 5XX errors:aws apigateway update-stage \
--region {{us-east-1}} \
--rest-api-id {{rest-api-id}} \
--stage-name {{stage-name}} \
--patch-operations op=replace,path=/*/*/metrics/enabled,value=true -
The command output will return metadata for the updated stage:
{
"stageName": "{{stage-name}}",
"cacheClusterSize": "0.5",
"cacheClusterEnabled": false,
"cacheClusterStatus": "NOT_AVAILABLE",
"deploymentId": "abc123",
"createdDate": "2025-01-11T10:56:31+00:00",
"lastUpdatedDate": "2025-01-11T12:34:58+00:00",
"methodSettings": {
"*/*": {
"cacheTtlInSeconds": 300,
"loggingLevel": "INFO",
"dataTraceEnabled": true,
"metricsEnabled": true,
"unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
"throttlingRateLimit": 10000.0,
"cacheDataEncrypted": false,
"cachingEnabled": false,
"throttlingBurstLimit": 5000,
"requireAuthorizationForCacheControl": true
}
}
} -
Repeat steps 1β2 for all stages of the selected API.
-
Repeat steps 1β3 for all APIs in the current AWS region.