Ensure Serverless Framework API should have HTTP Access Logging is enabled

Serverless Framework API is a way of creating and managing HTTP APIs with the Serverless Framework.
HTTP Access Logging records information about the requests and responses that pass through your API.
You can enable HTTP Access Logging for your Serverless Framework API by adding a logs property to your provider section in your serverless.yml file.
The logs property can have a httpApi property that specifies the format and destination of the access logs.

One possible reason you should enable HTTP Access Logging for your Serverless Framework API is to gain insight into your serverless application's web traffic and user behavior.
With HTTP Access Logging, you can monitor your API's performance, availability, and security, analyze user trends and preferences, troubleshoot errors and issues, and optimize your code and resources.

Suggest Edits

Risk Level: medium
Platform: AWS Serverless
Spectral Rule ID: SLFW001

REMEDIATION

In provider.logs.restAPI, set accessLogging to true

service: myservice
frameworkVersion: '2'
provider:
  name: aws
  logs:
    restApi:
-     accessLogging: false
+     accessLogging: true

https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml#provider

Updated 7 months ago

REMEDIATION

Read more: