Terraform Missing Access Log Settings
Description
Identifies AWS API Gateway stages that have access logging disabled. Missing access logs can hinder security monitoring, incident investigation and compliance by failing to track API requests and responses.
Detection Strategy
• Examines Terraform configuration files for AWS API Gateway stage resources
• Verifies if access logging settings are configured for the API Gateway stage
• Reports a vulnerability when access_log_settings is missing or disabled for an API Gateway stage
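The check described above, written out as an added example (this is not Fluid Attacks' scanner code). It walks the resource blocks of a Terraform file, keeps only aws_api_gateway_stage resources and flags any stage whose access_log_settings block is absent or whose destination_arn is an empty string; the second case goes slightly beyond the wording above, since a stage with a blank destination_arn is rejected by the provider anyway and would never log. The sample configuration is constructed inline, and the brace-matching helper is a deliberately small stand-in for a real HCL parser (it will misread braces inside string literals), which a production rule should use instead.

```python
import re

# Constructed sample Terraform file for the demo; no real account or ARN.
SAMPLE_TF = '''
resource "aws_api_gateway_stage" "no_logs" {
  deployment_id = aws_api_gateway_deployment.example.id
  rest_api_id   = aws_api_gateway_rest_api.example.id
  stage_name    = "no_logs"
}

resource "aws_api_gateway_stage" "empty_dest" {
  deployment_id = aws_api_gateway_deployment.example.id
  rest_api_id   = aws_api_gateway_rest_api.example.id
  stage_name    = "empty_dest"

  access_log_settings {
    destination_arn = ""
    format          = "$context.requestId"
  }
}

resource "aws_api_gateway_stage" "logged" {
  deployment_id = aws_api_gateway_deployment.example.id
  rest_api_id   = aws_api_gateway_rest_api.example.id
  stage_name    = "logged"

  access_log_settings {
    destination_arn = aws_cloudwatch_log_group.api.arn
    format          = jsonencode({ requestId = "$context.requestId" })
  }
}

resource "aws_api_gateway_rest_api" "example" {
  name = "example"
}
'''

RESOURCE_RE = re.compile(r'resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{')
ACCESS_LOG_RE = re.compile(r'\baccess_log_settings\s*\{')
DEST_RE = re.compile(r'\bdestination_arn\s*=\s*(?P<val>[^\n]+)')


def _block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'.

    Simple depth counting; it does not understand braces inside strings,
    which is enough for the sample but not for arbitrary HCL.
    """
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def iter_resources(text):
    """Yield (type, name, body) for every resource block in the file."""
    for m in RESOURCE_RE.finditer(text):
        yield m.group("type"), m.group("name"), _block_body(text, m.end() - 1)


def has_access_logging(stage_body):
    """True only if the stage has access_log_settings with a non-empty destination_arn."""
    m = ACCESS_LOG_RE.search(stage_body)
    if not m:
        return False
    settings = _block_body(stage_body, m.end() - 1)
    dest = DEST_RE.search(settings)
    if not dest:
        return False
    # An empty string literal is treated as "logging disabled".
    return dest.group("val").strip() not in ('""', "''")


def find_unlogged_stages(text):
    """Names of aws_api_gateway_stage resources that would be reported."""
    return [
        name
        for rtype, name, body in iter_resources(text)
        if rtype == "aws_api_gateway_stage" and not has_access_logging(body)
    ]


if __name__ == "__main__":
    for stage in find_unlogged_stages(SAMPLE_TF):
        print(f"aws_api_gateway_stage.{stage}: access_log_settings missing or disabled")
```

Running it reports no_logs and empty_dest and stays quiet about logged; the unrelated aws_api_gateway_rest_api block is skipped by the type filter.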
Vulnerable code example
resource "aws_api_gateway_stage" "example" {
  deployment_id = aws_api_gateway_deployment.example.id
  rest_api_id   = aws_api_gateway_rest_api.example.id
  stage_name    = "example"
  # Vulnerable: no access_log_settings block, so requests to this stage are never logged
}
✅ Secure code example
resource "aws_api_gateway_stage" "example" {
  deployment_id = aws_api_gateway_deployment.example.id
  rest_api_id   = aws_api_gateway_rest_api.example.id
  stage_name    = "example"

  # Safe: send access logs for every request to a CloudWatch log group
  # (aws_cloudwatch_log_group.example is assumed to be declared elsewhere)
  access_log_settings {
    destination_arn = aws_cloudwatch_log_group.example.arn
    format          = "$context.requestId $context.identity.sourceIp $context.httpMethod $context.resourcePath $context.status"
  }
}