Ensure API Gateway has X-Ray Tracing enabled

AWS X-Ray enables you to trace and analyze user requests as they travel through Amazon API Gateway REST APIs to the underlying services. X-Ray gives you an end-to-end view of an entire request, so you can analyze latencies in your APIs and their backend services. You can use an X-Ray service map to view the latency of an entire request and that of the downstream services that are integrated with X-Ray.

Risk Level: Low
Cloud Entity: AWS ApiGateway Stage
CloudGuard Rule ID: D9.CFT.OPE.22
Covered by Spectral: Yes
Category: Management Tools

GSL LOGIC

AWS_ApiGateway_Stage should have TracingEnabled=true

REMEDIATION

From CFT
Set AWS::ApiGateway::Stage::TracingEnabled to value 'true'
See the example below:

Resources:
  MyApi:
    Type: AWS::ApiGateway::Stage
    Properties:
      ...
      TracingEnabled: true
      ...
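The following is an added example, not CloudGuard's own implementation: a static check that applies the rule's logic to a JSON-form CloudFormation template before deployment. The function names, logical IDs and the sample template are constructed for illustration; a value given as an intrinsic function (for example a Ref to a parameter) is reported as unresolved rather than passed.

```python
import json

STAGE_TYPE = "AWS::ApiGateway::Stage"

# Constructed sample template (JSON form of a CloudFormation template).
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {"Tracing": {"Type": "String", "Default": "false"}},
    "Resources": {
        "ProdStage": {"Type": STAGE_TYPE,
                      "Properties": {"StageName": "prod", "TracingEnabled": True}},
        "DevStage": {"Type": STAGE_TYPE,
                     "Properties": {"StageName": "dev"}},
        "QaStage": {"Type": STAGE_TYPE,
                    "Properties": {"StageName": "qa", "TracingEnabled": "false"}},
        "ParamStage": {"Type": STAGE_TYPE,
                       "Properties": {"StageName": "p", "TracingEnabled": {"Ref": "Tracing"}}},
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})


def tracing_state(value):
    """Classify a TracingEnabled value as 'enabled', 'disabled' or 'unresolved'."""
    if isinstance(value, bool):
        return "enabled" if value else "disabled"
    if isinstance(value, str):
        # Templates may carry booleans as the strings "true"/"false".
        return "enabled" if value.strip().lower() == "true" else "disabled"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): cannot be decided statically.
        return "unresolved"
    return "disabled"  # property absent (None) or of an unexpected type


def check_template(template_text):
    """Return {logical_id: state} for every API Gateway stage in the template."""
    resources = json.loads(template_text).get("Resources", {})
    return {
        name: tracing_state((res.get("Properties") or {}).get("TracingEnabled"))
        for name, res in resources.items()
        if isinstance(res, dict) and res.get("Type") == STAGE_TYPE
    }


if __name__ == "__main__":
    for name, state in check_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {'PASS' if state == 'enabled' else 'FAIL'} ({state})")
```

Only stages whose state is "enabled" satisfy the rule; "unresolved" stages need the parameter or condition value checked at deploy time.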

References

  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-stage.html#cfn-apigateway-stage-tracingenabled
  2. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-xray.html

AWS ApiGateway Stage

A stage is a named reference to a deployment, which is a snapshot of the API. You use a Stage to manage and optimize a particular deployment. For example, you can configure stage settings to enable caching, customize request throttling, configure logging, define stage variables, or attach a canary release for testing. The AWS::ApiGateway::Stage resource creates a stage for a deployment.

Compliance Frameworks

  • AWS CloudFormation ruleset