- Newest
- Most votes
- Most comments
You are correct in your understanding that api-gw-cache-enabled-and-encrypted rule requires that all methods in Amazon API Gateway stages have caching enabled and encrypted.
Please note that Amazon API Gateway throttles requests to your API to prevent it from being overwhelmed by too many requests. Caching reduces the number of calls made to your endpoint and also improve the latency of requests to your API.
In general, a Config rule is included in the conformance pack to maintain security best practices within an architecture. NIST complaince too, provides the set of standards for recommended security controls for information systems at federal agencies.
Secondly, the rules are classified into a standard after considering common industry use cases. That is why, this particular rule is included into NIST conformance pack.
Relevant content
- asked 2 years ago
- asked 6 months ago
- asked 7 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 21 days ago
- AWS OFFICIALUpdated 3 years ago
So, I think the real question is about whether it is a security best practice to enable caching on every method. I would argue that it is not. In all but the most trivial use cases, adding a cache to a method increases the security risk because you have to consider how to secure and segregate the cache. Obviously the config enforces the use of encryption to protect the cached data at rest, but If you don't construct the cache key appropriately you might expose information to an unauthorized party. Of course, in many cases a cache makes no sense at all, e.g. a request that initiatives a unique task and returns a unique response.