CloudWatch Metrics Disabled

• Query id: 081069cb-588b-4ce1-884c-2a1ce3029fe5
• Query name: CloudWatch Metrics Disabled
• Platform: Terraform
• Severity: Medium
• Category: Observability
• URL: Github

Description

Checks if CloudWatch Metrics is Enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

#this is a problematic code where the query should report a result(s)
resource "aws_api_gateway_method_settings" "positive1" {
  rest_api_id = aws_api_gateway_rest_api.test.id
  stage_name  = aws_api_gateway_stage.test.stage_name
  method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"

  settings {
    metrics_enabled = false
    logging_level   = "INFO"
  }
}

resource "aws_api_gateway_method_settings" "positive2" {
  rest_api_id = aws_api_gateway_rest_api.test.id
  stage_name  = aws_api_gateway_stage.test.stage_name
  method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"

  settings {
    logging_level   = "INFO"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

#this code is a correct code for which the query should not find any result
resource "aws_api_gateway_method_settings" "negative1" {
  rest_api_id = aws_api_gateway_rest_api.test.id
  stage_name  = aws_api_gateway_stage.test.stage_name
  method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"

  settings {
    metrics_enabled = true
    logging_level   = "INFO"
  }
}