terraform.aws.best-practice.missing-api-gateway-cache-cluster.missing-api-gateway-cache-cluster

Author: semgrep

Found an AWS API Gateway stage without the cache cluster enabled. Enabling the cache cluster feature improves the responsiveness of your API. Add `cache_cluster_enabled = true` to your resource block.

Definition

rules:
  - id: missing-api-gateway-cache-cluster
    severity: WARNING
    languages:
      - hcl
    message: Found an AWS API Gateway Stage without cache cluster enabled. Enabling
      the cache cluster feature enhances responsiveness of your API. Add
      `cache_cluster_enabled = true` to your resource block.
    metadata:
      category: best-practice
      technology:
        - aws
        - terraform
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    patterns:
      - pattern: |
          resource "aws_api_gateway_stage" $ANYTHING {
            ...
          }
      - pattern-not-inside: |
          resource "aws_api_gateway_stage" $ANYTHING {
            ...
            cache_cluster_enabled = true
            ...
          }

Examples

missing-api-gateway-cache-cluster.tf

# Copyright 2019 Bridgecrew
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ok: missing-api-gateway-cache-cluster
resource "aws_api_gateway_stage" "pass" {
  name                  = "example"
  cache_cluster_enabled = true
}

# ruleid: missing-api-gateway-cache-cluster
resource "aws_api_gateway_stage" "fail" {
  name = "example"
}
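
A fuller remediation, as an added example that is not part of the rule or its test file: the stage enables the cache cluster so the rule no longer reports it, and a method settings resource turns caching on per method with cached responses encrypted and cache invalidation restricted to authorized callers. The variable names, resource labels, stage name, cache size and TTL are assumptions.

```hcl
# Added example. All names and values are assumptions, not taken from the rule.
variable "rest_api_id" {
  type = string
}

variable "deployment_id" {
  type = string
}

resource "aws_api_gateway_stage" "prod" {
  rest_api_id   = var.rest_api_id
  deployment_id = var.deployment_id
  stage_name    = "prod"

  # The literal `true` is what the rule's pattern-not-inside clause looks for.
  cache_cluster_enabled = true
  cache_cluster_size    = "0.5" # smallest cache size, in GB
}

# Provisioning the cluster does not cache anything by itself; caching is
# switched on per method (here for every method on the stage).
resource "aws_api_gateway_method_settings" "all" {
  rest_api_id = var.rest_api_id
  stage_name  = aws_api_gateway_stage.prod.stage_name
  method_path = "*/*"

  settings {
    caching_enabled      = true
    cache_ttl_in_seconds = 300

    # Encrypt cached responses at rest.
    cache_data_encrypted = true

    # Only authorized callers may bypass or invalidate the cache with a
    # Cache-Control header; unauthorized attempts are rejected.
    require_authorization_for_cache_control    = true
    unauthorized_cache_control_header_strategy = "FAIL_WITH_403"
  }
}
```

Because the rule's `pattern-not-inside` matches only the literal `cache_cluster_enabled = true`, a stage that sets the attribute from a variable or expression is still reported.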