Ensure AWS AppSync's logging is enabled

Error: AWS AppSync's logging is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_169
Checkov Check ID: CKV_AWS_193
Severity: LOW

AWS AppSync's logging is disabled

Description

It is recommended to have a proper logging process for AWS AppSync in order to track configuration changes conducted manually and programmatically and trace back unapproved changes.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_appsync_graphql_api" "enabled" {
  authentication_type = "API_KEY"
  name                = "example"

  log_config {
    cloudwatch_logs_role_arn = "aws_iam_role.example.arn"
    field_log_level          = "ERROR"
  }
}