Severity: MEDIUM
Source: Trivy
ID: AVD-AWS-0113

SAM API stages for V1 and V2 should have access logging enabled

API Gateway stages should have an access log settings block configured so that all access to a particular stage is tracked. This applies to both v1 and v2 gateway stages.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable logging for API Gateway stages

Resources:
  GoodExample:
    Type: AWS::Serverless::Api
    Properties:
      AccessLogSetting:
        DestinationArn: gateway-logging
        Format: json
      Domain:
        SecurityPolicy: TLS_1_2
      Name: Good SAM API example
      StageName: Prod
      TracingEnabled: false
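
The same setting applied to both a v1 and a v2 stage, as an added example that is not part of the original check documentation. The resource names (ApiAccessLogs, RestApi, HttpApi), the retention period and the log format fields are assumptions; routes and functions are omitted, and for the v1 stage the account is assumed to already have an API Gateway CloudWatch Logs role configured.

```yaml
# Added example, not Trivy's own: stage logging properties for v1 and v2.
# Resource names, retention and format fields are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  # CloudWatch Logs group that receives access logs from both stages.
  ApiAccessLogs:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 90

  # v1 (REST API): the property name is AccessLogSetting (singular).
  RestApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      AccessLogSetting:
        # A real log group ARN, resolved at deploy time.
        DestinationArn: !GetAtt ApiAccessLogs.Arn
        # Single-line JSON built from $context variables, one record per request.
        Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","method":"$context.httpMethod","path":"$context.resourcePath","status":"$context.status"}'

  # v2 (HTTP API): the property name is AccessLogSettings (plural).
  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: Prod
      AccessLogSettings:
        DestinationArn: !GetAtt ApiAccessLogs.Arn
        # routeKey replaces resourcePath for HTTP APIs.
        Format: '{"requestId":"$context.requestId","ip":"$context.identity.sourceIp","requestTime":"$context.requestTime","method":"$context.httpMethod","routeKey":"$context.routeKey","status":"$context.status"}'
```

A stage definition that omits the access log block entirely, or leaves DestinationArn empty, is the condition this check is written to catch.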