AWS api logging disabled cdk High

When an API does not have access logging enabled, the system or organization responsible for it loses valuable information about how the API is being used and fails to capture data that can be essential for various purposes.

Detector ID
python/api-logging-disabled-cdk@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

import aws_cdk as cdk
from aws_cdk import aws_apigatewayv2


class APILoggingDisabled(cdk.Stack):

    def api_logging_disabled_noncompliant(self):
        # Noncompliant: logging disabled (no access_log_settings on the stage)
        aws_apigatewayv2.CfnStage(self, 'rHttpApiDefaultStage',
                                  api_id='foo', stage_name='$default',
                                  auto_deploy=True)

Compliant example

import aws_cdk as cdk
from aws_cdk import aws_apigatewayv2


class APILoggingDisabled(cdk.Stack):

    def api_logging_disabled_compliant(self):
        # Compliant: logging present
        aws_apigatewayv2.CfnStage(self, 'rStage',
                                  access_log_settings=aws_apigatewayv2
                                  .CfnStage.AccessLogSettingsProperty(
                                      # Placeholder: ARN of the CloudWatch Logs
                                      # log group that receives the entries
                                      destination_arn='foo',
                                      format='$context.requestId'),
                                  api_id='bar',
                                  stage_name='baz')
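
The same condition can be checked on the CloudFormation template that `cdk synth` emits, for example as a CI gate. The following is an added example, not the detector's own code: the function name and the sample template are constructed for illustration, and it goes slightly beyond the page by also covering REST API stages (`AWS::ApiGateway::Stage`).

```python
import json

# CloudFormation property that holds the access-log configuration, per stage type.
ACCESS_LOG_PROPERTY = {
    "AWS::ApiGatewayV2::Stage": "AccessLogSettings",  # HTTP/WebSocket APIs (CfnStage above)
    "AWS::ApiGateway::Stage": "AccessLogSetting",     # REST APIs
}


def stages_without_access_logs(template):
    """Return the sorted logical IDs of API Gateway stages with no log destination."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        prop = ACCESS_LOG_PROPERTY.get(resource.get("Type"))
        if prop is None:
            continue  # not an API Gateway stage
        settings = resource.get("Properties", {}).get(prop) or {}
        # An absent or empty settings block, or one without a destination,
        # means no access log entries are delivered. Intrinsics such as
        # {"Fn::GetAtt": [...]} are non-empty dicts and count as set.
        if not settings.get("DestinationArn"):
            findings.append(logical_id)
    return sorted(findings)


# Constructed sample resembling `cdk synth` output for the two stages above,
# plus a REST API stage whose settings block is present but empty.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "rHttpApiDefaultStage": {
      "Type": "AWS::ApiGatewayV2::Stage",
      "Properties": {"ApiId": "foo", "StageName": "$default", "AutoDeploy": true}
    },
    "rStage": {
      "Type": "AWS::ApiGatewayV2::Stage",
      "Properties": {
        "ApiId": "bar", "StageName": "baz",
        "AccessLogSettings": {
          "DestinationArn": {"Fn::GetAtt": ["rAccessLogs", "Arn"]},
          "Format": "$context.requestId"
        }
      }
    },
    "rRestStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {"AccessLogSetting": {}}},
    "rAccessLogs": {"Type": "AWS::Logs::LogGroup", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    print(stages_without_access_logs(SAMPLE_TEMPLATE))
```
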