awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

Add API_GW_ACCESS_LOGGING_ENABLED rule #382

Open bmorrissirromb opened 2 years ago

bmorrissirromb commented 2 years ago
#####################################
##           Gherkin               ##
#####################################
Rule Name:
  API_GW_ACCESS_LOGGING_ENABLED
Description:
  Checks that methods in an Amazon API Gateway stage for deployed APIs have 'loggingLevel' as one of the values specified in the rule parameter 'loggingLevel'. The rule returns NON_COMPLIANT if any method in a stage has 'loggingLevel' set to a value not matching any of the logging levels specified in the rule parameter.
Trigger:
  Configuration Change on AWS::ApiGateway::Stage or AWS::ApiGatewayV2::Stage
Reports on:
  AWS::ApiGateway::Stage or AWS::ApiGatewayV2::Stage
Rule Parameters:
  None
Scenarios:
  Scenario: 1
    Given: In the Stage configuration item, 'AccessLogSetting' (APIGWv1) or 'AccessLogSettings' (APIGWv2) is defined.
     Then: Return COMPLIANT
  Scenario: 2
    Given: In the Stage configuration item, neither 'AccessLogSetting' (APIGWv1) nor 'AccessLogSettings' (APIGWv2) is defined.
     Then: Return NON_COMPLIANT
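
The two scenarios above, written as an evaluation function over configuration items. This is an added example, not part of the original post and not code from the aws-config-rules repository. Assumptions: the function name `evaluate_stage`, the case-insensitive key match, treating an empty value as "not defined", returning NOT_APPLICABLE for deleted or unrelated resources, and the constructed sample items.

```python
# Added illustration: evaluates one AWS Config configuration item for a Stage.
# Key names per resource type come from the two scenarios in the issue text.
ACCESS_LOG_KEYS = {
    "AWS::ApiGateway::Stage": "AccessLogSetting",     # APIGWv1
    "AWS::ApiGatewayV2::Stage": "AccessLogSettings",  # APIGWv2
}


def evaluate_stage(configuration_item):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one item."""
    wanted = ACCESS_LOG_KEYS.get(configuration_item.get("resourceType"))
    if wanted is None:
        return "NOT_APPLICABLE"  # not a resource type this rule reports on
    # Assumption: a deleted stage is out of scope rather than non-compliant.
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"
    configuration = configuration_item.get("configuration") or {}
    # Assumption: compare key names case-insensitively, since the recorded
    # item may not use the same capitalisation as the scenario text.
    for key, value in configuration.items():
        if key.lower() == wanted.lower() and value:
            return "COMPLIANT"  # Scenario 1: access log settings defined
    # Scenario 2: key absent, or present but null/empty (assumption).
    return "NON_COMPLIANT"


# Constructed sample items (not captured from a real account).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::ApiGateway::Stage", "resourceId": "v1-logged",
     "configurationItemStatus": "OK",
     "configuration": {"AccessLogSetting": {
         "DestinationArn": "arn:aws:logs:us-east-1:111122223333:log-group:example",
         "Format": "$context.requestId"}}},
    {"resourceType": "AWS::ApiGatewayV2::Stage", "resourceId": "v2-unlogged",
     "configurationItemStatus": "OK",
     "configuration": {"StageName": "$default"}},
    {"resourceType": "AWS::ApiGatewayV2::Stage", "resourceId": "v2-empty",
     "configurationItemStatus": "OK",
     "configuration": {"accessLogSettings": {}}},
    {"resourceType": "AWS::ApiGateway::Stage", "resourceId": "v1-deleted",
     "configurationItemStatus": "ResourceDeleted", "configuration": None},
]

if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(item["resourceId"], evaluate_stage(item))
```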