API Gateway Stage Without API Gateway UsagePlan Associated
- Query id: c999cf62-0920-40f8-8dda-0caccd66ed7e
- Query name: API Gateway Stage Without API Gateway UsagePlan Associated
- Platform: Terraform
- Severity: Low
- Category: Resource Management
- CWE: 285
- URL: Github
Description¶
API Gateway Stage should have API Gateway UsagePlan defined and associated.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_api_gateway_stage" "positive1" {
rest_api_id = "some deployment id"
deployment_id = "some rest api id"
stage_name = "some name"
tags {
project = "ProjectName"
}
}
resource "aws_api_gateway_stage" "positive2" {
deployment_id = "some deployment id"
rest_api_id = "some rest api id"
stage_name = "development"
}
resource "aws_api_gateway_usage_plan" "positive3" {
name = "my-usage-plan"
description = "my description"
product_code = "MYCODE"
api_stages {
api_id = "another id"
stage = "development"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_api_gateway_stage" "negative1" {
deployment_id = "some deployment id"
rest_api_id = "rest_api_1"
stage_name = "development"
}
resource "aws_api_gateway_usage_plan" "negative2" {
name = "my-usage-plan"
description = "my description"
product_code = "MYCODE"
api_stages {
api_id = "rest_api_1"
stage = "development"
}
}