These rules flag API Gateway REST API stages where caching is disabled, missing an opportunity to reduce backend invocations and latency.
| Rule ID | Scan Type | Name |
|---|---|---|
| CLDBRN-AWS-APIGATEWAY-1 | Discovery | API Gateway Stage Caching Disabled |
CLDBRN-AWS-APIGATEWAY-1
API Gateway Stage Caching Disabled
Scan type: Discovery
What it checks
Flags API Gateway REST API stages that do not have stage-level caching enabled. When caching is available for a stage, enabling it allows API Gateway to serve repeated requests from the cache instead of invoking the backend integration every time.
Why it matters
Every backend invocation costs money, whether it hits a Lambda function, an HTTP endpoint, or another integration. API Gateway caching can absorb repeated identical requests and reduce the number of backend calls. For high-traffic APIs with cacheable responses, this translates directly into lower Lambda invocation costs, reduced downstream load, and faster response times for callers.
What triggers a finding
The stage's `cacheClusterEnabled` property is not `true`.
How to remediate
Enable caching on the API Gateway stage. Choose a cache size appropriate for your response payload and traffic volume:
```bash
aws apigateway update-stage \
  --rest-api-id abc123 \
  --stage-name prod \
  --patch-operations op=replace,path=/cacheClusterEnabled,value=true \
    op=replace,path=/cacheClusterSize,value=0.5
```
Keep in mind that API Gateway caching has its own hourly cost ($0.020-$3.800/hour depending on cache size). Make sure the savings from reduced backend invocations outweigh the cache cost for your specific traffic pattern.
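The sketch below is an added example, not the rule's own implementation: it applies the trigger condition to stage data in the shape returned by `aws apigateway get-stages` and estimates how many cache hits per hour are needed to cover the cache cost. The sample stages, the function names, and the per-call backend cost are assumptions; treating a missing `cacheClusterEnabled` key as a finding is one reading of "not true".

```python
import json
import math
from fractions import Fraction

# Constructed sample in the shape of `aws apigateway get-stages` output
# (stages listed under "item"); the API id and stage names are made up.
SAMPLE_STAGES = {
    "abc123": json.loads("""
    {"item": [
      {"stageName": "prod", "cacheClusterEnabled": false,
       "cacheClusterStatus": "NOT_AVAILABLE"},
      {"stageName": "beta", "cacheClusterEnabled": true,
       "cacheClusterSize": "0.5", "cacheClusterStatus": "AVAILABLE"},
      {"stageName": "dev"}
    ]}
    """),
}


def find_uncached_stages(stages_by_api):
    """Return (rest_api_id, stage_name) pairs where cacheClusterEnabled is not true."""
    findings = []
    for api_id, response in stages_by_api.items():
        for stage in response.get("item", []):
            # The trigger is "not true", so false and a missing key both match.
            if stage.get("cacheClusterEnabled") is not True:
                findings.append((api_id, stage.get("stageName", "<unnamed>")))
    return findings


def break_even_hits_per_hour(cache_cost_per_hour, backend_cost_per_call):
    """Cache hits per hour at which avoided backend calls cover the cache cost."""
    cache = Fraction(str(cache_cost_per_hour))
    backend = Fraction(str(backend_cost_per_call))
    if cache < 0 or backend <= 0:
        raise ValueError("cache cost must be >= 0 and backend cost must be > 0")
    # Exact rational division avoids float rounding pushing the ceiling up by one.
    return math.ceil(cache / backend)


if __name__ == "__main__":
    for api_id, stage in find_uncached_stages(SAMPLE_STAGES):
        print(f"CLDBRN-AWS-APIGATEWAY-1 {api_id}/{stage}: stage caching disabled")
    # 0.020 is the low end of the hourly range quoted above;
    # 0.000002 per backend call is an assumed figure for illustration.
    print(break_even_hits_per_hour(0.020, 0.000002), "cache hits/hour to break even")
```

Only requests actually served from the cache count toward the break-even figure, so compare it against expected cache hits rather than total request volume.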
See Also
- CLI discover command - scan live API Gateway resources
- SDK Reference - run discovery programmatically