Low

Ensure API Gateway has Content Encoding feature enabled

Other
MAS
NIST 800-53
NIST4
Description

One of the benefits of Amazon API Gateway is the ability for clients to call your API with compressed payloads using supported compression types. While API Gateway supports decompression of the request payload, it is important to configure your API to enable compression of the response payload. Enabling content encoding (compression) for your API payload can improve API performance and reduce bandwidth utilization. To ensure efficient compression of API payloads, enable the Content Encoding feature for your Amazon API Gateway APIs. Once this feature is enabled, API Gateway allows compression of response bodies based on the client's Accept-Encoding header. Compression is triggered when the response body size is equal to or greater than the minimum compression size threshold, which can be set to a non-negative integer between 0 and 10485760 (10M bytes). Amazon API Gateway supports compression types such as GZIP, DEFLATE, and IDENTITY.

Remediation

To remediate the issue of not having the Content Encoding feature enabled for your Amazon API Gateway APIs, follow these steps:

  1. Log in to the AWS Management Console and navigate to the Amazon API Gateway service.
  2. Select the API that you want to enable content encoding for.
  3. Click on the "Settings" tab, and then click on the "Content Encoding" section.
  4. Select the checkbox to enable content encoding for your API.
  5. Set the minimum compression size threshold to a non-negative integer between 0 and 10485760 (10M bytes).
  6. Choose the compression types that you want to support (GZIP, DEFLATE, and/or IDENTITY).
  7. Save your changes.

By following these steps, you can enable the Content Encoding feature for your Amazon API Gateway APIs, which allows for efficient compression of response payloads. This can help improve your API performance and reduce bandwidth utilization.

Enforced Resources
API Gateway
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps

Self Served Test drive >
Schedule a live demo >