API Gateway Stage Without API Gateway UsagePlan Associated

• Query id: c999cf62-0920-40f8-8dda-0caccd66ed7e
• Query name: API Gateway Stage Without API Gateway UsagePlan Associated
• Platform: Terraform
• Severity: Low
• Category: Resource Management
• CWE: 285
• URL: Github

Description

API Gateway Stage should have API Gateway UsagePlan defined and associated.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "aws_api_gateway_stage" "positive1" {
  rest_api_id   = "some deployment id"
  deployment_id = "some rest api id"
  stage_name = "some name"
  tags {
    project = "ProjectName"
  }
}

resource "aws_api_gateway_stage" "positive2" {
  deployment_id = "some deployment id"
  rest_api_id   = "some rest api id"
  stage_name    = "development"
}

resource "aws_api_gateway_usage_plan" "positive3" {
  name         = "my-usage-plan"
  description  = "my description"
  product_code = "MYCODE"

  api_stages {
    api_id = "another id"
    stage  = "development"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_api_gateway_stage" "negative1" {
  deployment_id = "some deployment id"
  rest_api_id   = "rest_api_1"
  stage_name    = "development"
}

resource "aws_api_gateway_usage_plan" "negative2" {
  name         = "my-usage-plan"
  description  = "my description"
  product_code = "MYCODE"

  api_stages {
    api_id = "rest_api_1"
    stage  = "development"
  }
}