API Gateway Deployment Without API Gateway UsagePlan Associated
- Query id: 783860a3-6dca-4c8b-81d0-7b62769ccbca
- Query name: API Gateway Deployment Without API Gateway UsagePlan Associated
- Platform: CloudFormation
- Severity: Low
- Category: Observability
- CWE: 770
- URL: Github
Description¶
API Gateway Deployment should have API Gateway UsagePlan defined and associated.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
Deployment:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyRestApi
Description: My deployment
StageName: Prod
Positive test num. 2 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
Deployment1:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyRestApi
Description: My deployment
StageName: Prod
usagePlan1:
Type: 'AWS::ApiGateway::UsagePlan'
Properties:
ApiStages:
- ApiId: !Ref MyRestApi
Stage: !Ref Prod1
Description: Customer ABC's usage plan
Quota:
Limit: 5000
Period: MONTH
Throttle:
BurstLimit: 200
RateLimit: 100
UsagePlanName: Plan_ABC
Positive test num. 3 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
Deployment2:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyRestApi
Description: My deployment
StageName: Prod1
usagePlan2:
Type: 'AWS::ApiGateway::UsagePlan'
Properties:
ApiStages:
- ApiId: !Ref MyRestApi
Stage: !Ref Prod
Description: Customer ABC's usage plan
Quota:
Limit: 5000
Period: MONTH
Throttle:
BurstLimit: 200
RateLimit: 100
UsagePlanName: Plan_ABC
Positive test num. 4 - json file
Positive test num. 5 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Router53",
"Resources": {
"Deployment1": {
"Properties": {
"RestApiId": "MyRestApi",
"Description": "My deployment",
"StageName": "Prod"
},
"Type": "AWS::ApiGateway::Deployment"
},
"usagePlan1": {
"Properties": {
"Quota": {
"Limit": 5000,
"Period": "MONTH"
},
"Throttle": {
"BurstLimit": 200,
"RateLimit": 100
},
"UsagePlanName": "Plan_ABC",
"ApiStages": [
{
"ApiId": "MyRestApi",
"Stage": "Prod1"
}
],
"Description": "Customer ABC's usage plan"
},
"Type": "AWS::ApiGateway::UsagePlan"
}
}
}
Positive test num. 6 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Router53",
"Resources": {
"Deployment2": {
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": "MyRestApi",
"Description": "My deployment",
"StageName": "Prod1"
}
},
"usagePlan2": {
"Type": "AWS::ApiGateway::UsagePlan",
"Properties": {
"ApiStages": [
{
"ApiId": "MyRestApi",
"Stage": "Prod"
}
],
"Description": "Customer ABC's usage plan",
"Quota": {
"Limit": 5000,
"Period": "MONTH"
},
"Throttle": {
"BurstLimit": 200,
"RateLimit": 100
},
"UsagePlanName": "Plan_ABC"
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Router53"
Resources:
Deployment:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref MyRestApi
Description: My deployment
StageName: Prod
usagePlan:
Type: 'AWS::ApiGateway::UsagePlan'
Properties:
ApiStages:
- ApiId: !Ref MyRestApi
Stage: !Ref Prod
Description: Customer ABC's usage plan
Quota:
Limit: 5000
Period: MONTH
Throttle:
BurstLimit: 200
RateLimit: 100
UsagePlanName: Plan_ABC
Negative test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Router53",
"Resources": {
"Deployment": {
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": "MyRestApi",
"Description": "My deployment",
"StageName": "Prod"
}
},
"usagePlan": {
"Type": "AWS::ApiGateway::UsagePlan",
"Properties": {
"ApiStages": [
{
"ApiId": "MyRestApi",
"Stage": "Prod"
}
],
"Description": "Customer ABC's usage plan",
"Quota": {
"Limit": 5000,
"Period": "MONTH"
},
"Throttle": {
"RateLimit": 100,
"BurstLimit": 200
},
"UsagePlanName": "Plan_ABC"
}
}
}
}