AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-11-22 · Documentation medium

File: apigateway/latest/developerguide/api-gateway-variables-for-access-logging.md

Summary

Added TLS/cipher suite variables and integration timing metrics

Security assessment

Enhances security visibility through new logging variables for TLS details and integration timing, improving audit capabilities.

Diff

diff --git a/apigateway/latest/developerguide/api-gateway-variables-for-access-logging.md b/apigateway/latest/developerguide/api-gateway-variables-for-access-logging.md
index 4c7c8f479..02662568a 100644
--- a//apigateway/latest/developerguide/api-gateway-variables-for-access-logging.md
+++ b//apigateway/latest/developerguide/api-gateway-variables-for-access-logging.md
@@ -43,0 +44 @@ Calling `$context.authorizer.key` returns the `"value"` string, calling `$contex
+`$context.cipherSuite` |  The cipher, in IANA format, that is negotiated during the TLS handshake between the client and API Gateway.   
@@ -80,0 +82 @@ Calling `$context.authorizer.key` returns the `"value"` string, calling `$contex
+`$context.integration.responseTransferMode` | The response transfer mode of your integration. This can be either `BUFFERED` or `STREAMED`.  
@@ -81,0 +84,2 @@ Calling `$context.authorizer.key` returns the `"value"` string, calling `$contex
+`$context.integration.timeToAllHeaders` | The time between when API Gateway establishes the integration connection to when it receives all integration response headers from the client.   
+`$context.integration.timeToFirstContent` | The time between when API Gateway establishes the integration connection to when it receives the first content bytes.  
@@ -104,0 +109 @@ API Gateway APIs can accept HTTP/2 requests, but API Gateway sends requests to b
+`$context.tlsVersion` |  The TLS version that is negotiated during the TLS handshake between the client and API Gateway.