Powerpipe MCP Server →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
34Dashboards
1361Benchmarks
588Queries
4Variables
GitHub

Control: 3 API Gateway REST API stages should have AWS X-Ray tracing enabled

Description

This control checks whether AWS X-Ray active tracing is enabled for your Amazon API Gateway REST API stages.

X-Ray active tracing enables a more rapid response to performance changes in the underlying infrastructure. Changes in performance could result in a lack of availability of the API. X-Ray active tracing provides real-time metrics of user requests that flow through your API Gateway REST API operations and connected services.

Remediation

For detailed instructions on how to enable X-Ray active tracing for API Gateway REST API operations, see Amazon API Gateway active tracing support for AWS X-Ray.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_apigateway_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_apigateway_3 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when tracing_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when tracing_enabled then title || ' X-Ray tracing enabled.'
    else title || ' X-Ray tracing disabled.'
  end as reason,
  region,
  account_id
from
  aws_api_gateway_stage;

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = detection_services
foundational_security_item_id = apigateway_3
plugin = aws
service = AWS/APIGateway