Connect Akto with AWS API Gateway
AWS API Gateway is a fully managed service from AWS that helps developers create, publish, monitor, and secure APIs at scale. By integrating AWS API Gateway with Akto, you'll automatically discover and test the security of all your REST APIs, HTTP APIs, and WebSocket APIs deployed through API Gateway, ensuring comprehensive API security across your AWS infrastructure.

To connect Akto with AWS API Gateway, follow these steps -
Set up and configure Akto Traffic Processor. The steps are mentioned here.
Add AWS API Gateway connector
Go to API gateway in AWS console
Go to your API, click on
Stages
from the left menu.Scroll down to
Logs and tracing
section and click onEdit
.Select
Error and info logs
andData tracing
and save these settings.Find out the
cloudwatch log group
for your API gateway for the stage which has the above logs enabled and save it. We'll need it later.Deploy the kubernetes deployment below.
For
LOG_GROUP_NAME
andAWS_REGION
, use the log group arn we saved earlier and the aws region it is deployed in.For
AKTO_KAFKA_BROKER_MAL
, use the value of themini-runtime
service we deployed in step 1.For
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
andAWS_SESSION_TOKEN
, create AWS CLI keys, which have permissions to read from the cloudwatch log group which we've mentioned above.
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-gateway-logging
spec:
replicas: 1
selector:
matchLabels:
app: api-gateway-logging
template:
metadata:
labels:
app: api-gateway-logging
spec:
containers:
- image: aktosecurity/mirror-api-logging:api-gateway-logging
name: api-gateway-logging
imagePullPolicy: Always
resources: {}
env:
- name: AKTO_BYTES_IN_THRESHOLD
value: "100"
- name: AKTO_TRAFFIC_BATCH_TIME_SECS
value: "10"
- name: AKTO_TRAFFIC_BATCH_SIZE
value: "100"
- name: AKTO_KAFKA_BROKER_MAL
value: ""
- name: AWS_ACCESS_KEY_ID
value: ""
- name: AWS_SECRET_ACCESS_KEY
value: ""
- name: AWS_SESSION_TOKEN
value: ""
- name: CLOUDWATCH_READ_BATCH_SIZE
value: "5"
- name: LOG_GROUP_NAME
value: ""
- name: AWS_REGION
value: ""
Notes:
To create AWS CLI credentials, you can take reference from the official AWS docs.
For AWS IAM policy permissions for cloudwatch, you can refer here.
Get Support for your Akto setup
There are multiple ways to request support from Akto. We are 24X7 available on the following:
In-app
intercom
support. Message us with your query on intercom in Akto dashboard and someone will reply.Join our discord channel for community support.
Contact
[email protected]
for email support.Contact us here.
Last updated
Was this helpful?