Ensure AWS AppSync has field-level logs enabled
Error: AWS AppSync has field-level logs disabled
Bridgecrew Policy ID: BC_AWS_GENERAL_166
Checkov Check ID: CKV_AWS_194
Severity: LOW
Description
It is recommended to enable logging for AWS AppSync in order to detect anomalous configuration activity. Logging is used to track configuration changes made manually and programmatically and to trace back unapproved changes.
Fix - Runtime
Fix - Buildtime
Terraform
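resource "aws_appsync_graphql_api" "all" {
  authentication_type = "API_KEY"
  name                = "example"

  log_config {
    # Reference the role's arn attribute directly; a quoted value is passed as a literal string, not an ARN
    cloudwatch_logs_role_arn = aws_iam_role.example.arn
    # Enable field-level logging for all fields
    field_log_level          = "ALL"
  }
}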
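The log_config block above references aws_iam_role.example, which the page does not define. The following is an added example, not part of the original policy page, showing one way to define that role so AppSync can write to CloudWatch Logs. It assumes the AWS-managed policy AWSAppSyncPushToCloudWatchLogs is acceptable in your account; the data source name appsync_assume and the role name are illustrative.

```hcl
# Trust policy: only the AppSync service may assume this role
data "aws_iam_policy_document" "appsync_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["appsync.amazonaws.com"]
    }
  }
}

# Role referenced by log_config.cloudwatch_logs_role_arn
resource "aws_iam_role" "example" {
  name               = "example"
  assume_role_policy = data.aws_iam_policy_document.appsync_assume.json
}

# AWS-managed policy that grants permission to create log groups/streams
# and put log events in CloudWatch Logs
resource "aws_iam_role_policy_attachment" "example" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"
}
```

Without a role that AppSync can assume and that can write log events, the API can be configured with field_log_level = "ALL" and still deliver no logs, so confirm that log events actually appear in CloudWatch Logs after applying.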