π§ AWS API Gateway API Access Logging in CloudWatch is not enabled - prod.logic.yaml π π’
- Contextual name: π§ prod.logic.yaml π π’
- ID:
/ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml - Located in: π AWS API Gateway API Access Logging in CloudWatch is not enabled π’
Flagsβ
- π’ Logic test success
- π’ Logic with test data
- π Logic without extracts
Input Typeβ
| Type | API Name | Extracts | Extract Files | Logic Files | |
|---|---|---|---|---|---|
| π | π AWS API Gateway API | CA10__CaAwsApiGatewayRestApi__c | 2 | 1 | 3 |
Usesβ
- π§ͺ test-data.json
Test Results π’β
Generated at: 2025-04-24T23:44:18.028264545Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | test1 | βοΈ 99 | βοΈ isDisappeared(CA10__disappearanceTime__c) | βοΈ null |
| π’ | test2 | βοΈ 199 | βοΈ CA10__AWS_API_Gateway_Stages__r.has(INCOMPLIANT) | βοΈ null |
| π’ | test3 | βοΈ 199 | βοΈ CA10__AWS_API_Gateway_Stages__r.has(INCOMPLIANT) | βοΈ null |
| π’ | test4 | βοΈ 199 | βοΈ CA10__AWS_API_Gateway_Stages__r.has(INCOMPLIANT) | βοΈ null |
| π’ | test5 | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | test6 | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generationβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/aws/apigateway/api-access-logging/policy.yaml | 27EB0EAEDBCF4B965C9DEB6AB46A20B3 |
| Open | /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml | A85D538DFDC61E4941F09CA061EC263A |
| Open | /ce/ca/aws/apigateway/api-access-logging/test-data.json | 80C72546B58BBFE5F161E6CFC7DED26B |
Generate FULL scriptβ
java -jar repo-manager.jar policies generate FULL /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml
Generate DEBUG scriptβ
java -jar repo-manager.jar policies generate DEBUG /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml
Generate CAPTURE_TEST_DATA scriptβ
java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml
Generate TESTS scriptβ
java -jar repo-manager.jar policies generate TESTS /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml
Execute testsβ
java -jar repo-manager.jar policies test /ce/ca/aws/apigateway/api-access-logging/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaAwsApiGatewayRestApi__c"
testData:
- file: test-data.json
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "There is at least one related API Stage where CloudWatch Access Logs are not enabled."
remediationMessage: "Consider enabling CloudWatch Access Logs for the API Stage."
check:
RELATED_LIST_HAS:
relationshipName: "CA10__AWS_API_Gateway_Stages__r"
status: "INCOMPLIANT"
otherwise:
status: "COMPLIANT"
currentStateMessage: "API is compliant"
relatedLists:
- relationshipName: "CA10__AWS_API_Gateway_Stages__r"
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "CloudWatch Access Logs are not enabled for this API Stage."
remediationMessage: "Consider enabling CloudWatch Access Logs for this API Stage."
check:
IS_EMPTY_LOOKUP: "CA10__accessLoggingDestination__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "CloudWatch Access Logs are enabled."