API Gateway REST API stages have AWS X-Ray active tracing enabled to sample incoming requests and produce distributed traces across connected services.
Risk
Without X-Ray tracing, you lose end-to-end visibility, hindering detection of timeouts, errors, and anomalous latency.
This delays incident response and root-cause analysis, increasing MTTR and risking partial outages (availability) and undetected integration failures (integrity).
Run this check with the Prowler CLI:
prowler aws --checks apigateway_restapi_tracing_enabled
Recommendation
Enable X-Ray active tracing on all API Gateway stages and propagate trace context through downstream services.
Use prudent sampling, correlate traces with logs/metrics, and alert on errors/latency. Apply least privilege to X-Ray access and use defense in depth for observability.
Remediation
With the AWS CLI:
aws apigateway update-stage --rest-api-id <restapi-id> --stage-name <stage-name> --patch-operations op=replace,path=/tracingEnabled,value=true
Or in the AWS Console:
- Open the AWS Console and go to API Gateway
- Select your REST API and choose Stages
- Select the target stage
- Open the Logs/Tracing tab, check Enable X-Ray Tracing
- Click Save
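To apply the CLI remediation across every stage of an API, the following added example (not Prowler's own code) reads the JSON returned by `aws apigateway get-stages` and builds one `update-stage` command per stage that lacks tracing. The sample JSON, the API id `a1b2c3d4e5` and the function names are constructed for illustration, and a stage with no `tracingEnabled` field is assumed to be untraced.

```python
import json
import shlex

# Constructed sample of `aws apigateway get-stages --rest-api-id a1b2c3d4e5` output.
SAMPLE_GET_STAGES = """
{"item": [
  {"stageName": "prod",    "deploymentId": "dep001", "tracingEnabled": true},
  {"stageName": "staging", "deploymentId": "dep002", "tracingEnabled": false},
  {"stageName": "dev_v2",  "deploymentId": "dep003"}
]}
"""


def untraced_stages(get_stages_json):
    """Return the names of stages whose tracingEnabled is not exactly true.

    Assumption: a missing field is treated the same as false.
    """
    stages = json.loads(get_stages_json).get("item", [])
    return [s["stageName"] for s in stages if s.get("tracingEnabled") is not True]


def remediation_commands(rest_api_id, get_stages_json):
    """Build the update-stage command from the Remediation section per untraced stage."""
    return [
        " ".join([
            "aws apigateway update-stage",
            "--rest-api-id", shlex.quote(rest_api_id),
            "--stage-name", shlex.quote(name),
            "--patch-operations op=replace,path=/tracingEnabled,value=true",
        ])
        for name in untraced_stages(get_stages_json)
    ]


if __name__ == "__main__":
    # Print the commands for review instead of executing them.
    for cmd in remediation_commands("a1b2c3d4e5", SAMPLE_GET_STAGES):
        print(cmd)
```

Review the printed commands before running them, then re-run the Prowler check to confirm the stages pass.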
Resource Type
AwsApiGatewayStage