#####################################
## Gherkin ##
#####################################
Rule Name:
API_GW_ACCESS_LOGGING_ENABLED
Description:
Checks that methods in an Amazon API Gateway stage for deployed APIs have 'loggingLevel' as one of the values specified in the rule parameter 'loggingLevel'. The rule returns NON_COMPLIANT if any method in a stage has 'loggingLevel' set to a value not matching any of the logging levels specified in the rule parameter.
Trigger:
Configuration Change on AWS::ApiGateway::Stage or AWS::ApiGatewayV2::Stage
Reports on:
AWS::ApiGateway::Stage or AWS::ApiGatewayV2::Stage
Rule Parameters:
None
Scenarios:
Scenario: 1
Given: In the Stage configuration item, 'AccessLogSetting' (APIGWv1) or 'AccessLogSettings' (APIGWv2) is defined.
Then: Return COMPLIANT
Scenario: 2
Given: In the Stage configuration item, neither 'AccessLogSetting' (APIGWv1) nor 'AccessLogSettings' (APIGWv2) are defined.
Then: Return NON_COMPLIANT