bug(cloudformation): api_gateway_access_logging_disabled not working for HTTP API Gateways #6944
Labels: aws, bug, cloudformation, community, query
A recent change in Kics 8ac0687 introduced a check for DefaultRouteSettings on AWS::ApiGatewayV2::Stage. This check expects a value on Properties.DefaultRouteSettings.LoggingLevel, which is a field that can be ONLY set for non-HTTP API Gateways.
If we try to set it, then CloudFormation fails with an error:
I believe the presence of Properties.DefaultRouteSettings.LoggingLevel is actually optional, we can enable logging by simply specifying AccessLogSettings.
Expected Behavior
HTTP API gateways with logging enabled should pass the Kics validation.
Actual Behavior
Kics requires a setting to be added on the CloudFormation template that is only compatible with WebSocket API Gateways.
Steps to Reproduce the Problem
The test on https://github.com/Checkmarx/kics/blob/master/assets/queries/cloudFormation/aws/api_gateway_access_logging_disabled/test/negative1.yaml will only work for Web Sockets API Gateways.
Specifications
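An added example (not part of the original issue and not KICS's own Rego query): a Python sketch of a protocol-aware version of the check discussed above, which resolves each stage's ApiId to its ProtocolType before looking at LoggingLevel. The template is constructed sample data, the function names are hypothetical, and requiring LoggingLevel on WebSocket stages is an assumed policy.

```python
# Constructed sample template (JSON form of CloudFormation); not from the KICS repo.
LOGS = {"DestinationArn": "arn:aws:logs:placeholder", "Format": "$context.requestId"}

def make_api(protocol):
    return {"Type": "AWS::ApiGatewayV2::Api",
            "Properties": {"Name": "demo", "ProtocolType": protocol}}

def make_stage(api_ref, **extra):
    return {"Type": "AWS::ApiGatewayV2::Stage",
            "Properties": {"ApiId": {"Ref": api_ref}, "StageName": "prod", **extra}}

TEMPLATE = {"Resources": {
    "HttpApi": make_api("HTTP"),
    "WsApi": make_api("WEBSOCKET"),
    "HttpStageLogged": make_stage("HttpApi", AccessLogSettings=LOGS),
    "HttpStageBadLevel": make_stage("HttpApi", AccessLogSettings=LOGS,
                                    DefaultRouteSettings={"LoggingLevel": "INFO"}),
    "HttpStageNoLogs": make_stage("HttpApi"),
    "WsStageNoLevel": make_stage("WsApi", AccessLogSettings=LOGS),
}}

def protocol_of(stage_props, resources):
    """Follow the stage's ApiId Ref to its Api resource; None if unresolvable."""
    api_id = stage_props.get("ApiId")
    if isinstance(api_id, dict) and "Ref" in api_id:
        target = resources.get(api_id["Ref"], {})
        if target.get("Type") == "AWS::ApiGatewayV2::Api":
            return target.get("Properties", {}).get("ProtocolType")
    return None

def check_stages(template):
    """Return {stage_name: [issues]} for stages with logging problems."""
    resources = template.get("Resources", {})
    findings = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::ApiGatewayV2::Stage":
            continue
        props = res.get("Properties", {})
        issues = []
        # Access logging applies to every protocol type.
        if not props.get("AccessLogSettings", {}).get("DestinationArn"):
            issues.append("AccessLogSettings.DestinationArn missing")
        level = props.get("DefaultRouteSettings", {}).get("LoggingLevel")
        proto = protocol_of(props, resources)
        if proto == "HTTP" and level is not None:
            issues.append("LoggingLevel set on HTTP API")  # rejected at deploy time
        elif proto == "WEBSOCKET" and level in (None, "OFF"):  # assumed policy
            issues.append("LoggingLevel missing or OFF on WebSocket API")
        if issues:
            findings[name] = issues
    return findings
```

Stages whose ApiId cannot be resolved inside the template (a literal ID or an import) are only checked for AccessLogSettings here.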