CloudWatch Metrics Disabled
- Query id: 081069cb-588b-4ce1-884c-2a1ce3029fe5
- Query name: CloudWatch Metrics Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- CWE: 778
- URL: Github
Description¶
Checks if CloudWatch Metrics is Enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
#this is a problematic code where the query should report a result(s)
resource "aws_api_gateway_method_settings" "positive1" {
rest_api_id = aws_api_gateway_rest_api.test.id
stage_name = aws_api_gateway_stage.test.stage_name
method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"
settings {
metrics_enabled = false
logging_level = "INFO"
}
}
resource "aws_api_gateway_method_settings" "positive2" {
rest_api_id = aws_api_gateway_rest_api.test.id
stage_name = aws_api_gateway_stage.test.stage_name
method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"
settings {
logging_level = "INFO"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
#this code is a correct code for which the query should not find any result
resource "aws_api_gateway_method_settings" "negative1" {
rest_api_id = aws_api_gateway_rest_api.test.id
stage_name = aws_api_gateway_stage.test.stage_name
method_path = "${aws_api_gateway_resource.test.path_part}/${aws_api_gateway_method.test.http_method}"
settings {
metrics_enabled = true
logging_level = "INFO"
}
}