Ensure API Gateway has X-Ray tracing enabled

Error: API Gateway does not have X-Ray tracing enabled

Bridgecrew Policy ID: BC_AWS_LOGGING_15
Checkov Check ID: CKV_AWS_73
Severity: LOW

API Gateway does not have X-Ray tracing enabled


When an API Gateway stage has the active tracing feature enabled, Amazon API Gateway service automatically samples API invocation requests based on the sampling algorithm specified by AWS X-Ray.

With tracing enabled X-Ray can provide an end-to-end view of an entire HTTP request. You can use this to analyze latencies in APIs and their backend services.

Fix - Runtime

AWS Console

  1. Log in to the AWS Management Console at [https://console.aws.amazon.com/].
  2. Open the Amazon API Gateway console.
  3. In the APIs pane, choose the API, and then click Stages.
  4. In the Stages pane, choose the name of the stage.
  5. In the Stage Editor pane, choose the Logs/Tracing tab.
  6. To enable active X-Ray tracing, choose Enable X-Ray Tracing under X-Ray Tracing.

CLI Command

aws apigateway create-stage \
    --rest-api-id {rest-api-id} \
    --stage-name {stage-name} \
    --deployment-id {deployment-id} \
    --region {region} \

Fix - Buildtime


  • Resource: aws_api_gateway_stage
  • Argument: xray_tracing_enabled - (Optional) Whether active tracing with X-ray is enabled. Defaults to false.
resource "aws_api_gateway_stage" "test" {
  stage_name    = "prod"
+ xray_tracing_enabled = true


  • Resource: AWS::ApiGateway::Stage
  • Argument: Properties.TracingEnabled
    Type: AWS::ApiGateway::Stage
+     TracingEnabled: true