
Commit 6448eaa

committed
fix: enable API Gateway cache encryption at rest
Adds cache_data_encrypted/cacheDataEncrypted to both Terraform and CDK API Gateway method settings. Resolves KICS critical finding for unencrypted API Gateway cache.
1 parent c9efdef commit 6448eaa


2 files changed

+2
-0
lines changed

2 files changed

+2
-0
lines changed

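--- a/infra-cdk/lib/backend-stack.ts
+++ b/infra-cdk/lib/backend-stack.ts
@@ -551,6 +551,7 @@ export class BackendStack extends cdk.NestedStack {
 throttlingRateLimit: 100,
 throttlingBurstLimit: 200,
 cachingEnabled: true,
+cacheDataEncrypted: true,
 cacheClusterEnabled: true,
 cacheClusterSize: "0.5",
 cacheTtl: cdk.Duration.minutes(5),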
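Review bot: `cacheDataEncrypted: true` is added beside `cachingEnabled` and `cacheClusterEnabled`, which looks like the stage-wide default options, so it only covers methods that inherit those defaults. If the stage also defines per-method overrides (`methodOptions`) outside this hunk, each override that enables caching should carry the flag as well; that is worth confirming, since the enclosing options object starts and ends outside the hunk. A short why-comment such as `// encrypt cached responses at rest (KICS: unencrypted API Gateway cache)` would keep the line from being dropped in a later cleanup.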

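--- a/infra-terraform/modules/backend/feedback.tf
+++ b/infra-terraform/modules/backend/feedback.tf
@@ -384,6 +384,7 @@ resource "aws_api_gateway_method_settings" "all" {
 throttling_rate_limit = local.api_throttling_rate_limit
 throttling_burst_limit = local.api_throttling_burst_limit
 caching_enabled = true
+cache_data_encrypted = true
 cache_ttl_in_seconds = local.api_cache_ttl_seconds
 logging_level = "INFO"
 metrics_enabled = true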
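Review bot: The visible settings turn the cache on and now encrypt it, but none of them set `require_authorization_for_cache_control`, which decides whether unauthorized callers may bypass or invalidate cached entries through cache-control request headers. Unless it is already set further down in this block (the `settings` block continues past the hunk), consider adding `require_authorization_for_cache_control = true` together with `unauthorized_cache_control_header_strategy = "FAIL_WITH_403"`. Encryption at rest protects the stored responses; it does not control who can flush them or force requests through to the backend.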
