PlatformPricingCustomersResourcesSign inSign Up

Ensure API Gateway stage have logging level defined appropriately

Error: API Gateway stage does not have logging level defined appropriately

Bridgecrew Policy ID: BC_AWS_LOGGING_29
Checkov Check ID: CKV2_AWS_4
Severity: LOW

Suggest Edits

API Gateway stage does not have logging level defined appropriately

Description

TBA

Fix - Buildtime

Terraform

  • Resources: aws_api_gateway_rest_api, aws_api_gateway_deployment, aws_api_gateway_method_settings
resource "aws_api_gateway_rest_api" "ok_example" {
  body = jsonencode({
    openapi = "3.0.1"
    info = {
      title   = "ok_example"
      version = "1.0"
    }
    paths = {
      "/path1" = {
        get = {
          x-amazon-apigateway-integration = {
            httpMethod           = "GET"
            payloadFormatVersion = "1.0"
            type                 = "HTTP_PROXY"
            uri                  = "https://ip-ranges.amazonaws.com/ip-ranges.json"
          }
        }
      }
    }
  })

  name = "ok_example"
}

resource "aws_api_gateway_deployment" "ok_example" {
  rest_api_id = aws_api_gateway_rest_api.ok_example.id

  triggers = {
    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.ok_example.body))
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_api_gateway_stage" "ok_example" {
  deployment_id = aws_api_gateway_deployment.ok_example.id
  rest_api_id   = aws_api_gateway_rest_api.ok_example.id
  stage_name    = "ok_example"
}

resource "aws_api_gateway_method_settings" "all" {
  rest_api_id = aws_api_gateway_rest_api.ok_example.id
  stage_name  = aws_api_gateway_stage.ok_example.stage_name
  method_path = "*/*"

  settings {
    metrics_enabled = true
    logging_level   = "ERROR"
  }
}

Updated 6 months ago

Did this page help you?