API Gateway Access Logging Disabled

  • Query id: 1b6799eb-4a7a-4b04-9001-8cceb9999326
  • Query name: API Gateway Access Logging Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Observability
  • URL: Github

Description

API Gateway should have Access Log Settings defined
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_api_gateway_stage" "postive1" {
  stage_name    = "dev"
  rest_api_id   = "id"
}

resource "aws_apigatewayv2_stage" "postive2" {
  stage_name    = "dev"
  rest_api_id   = "id"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_api_gateway_stage" "negative1" {
  stage_name    = "dev"
  rest_api_id   = "id"

  access_log_settings {
    destination_arn = "dest"
  }
}

resource "aws_apigatewayv2_stage" "negative2" {
  stage_name    = "dev"
  rest_api_id   = "id"

  access_log_settings {
    destination_arn = "dest"
  }
}