prowler-cloud
feat(apigateway): add new check `apigateway_restapi_cache_encrypted`
Context
This control checks whether all methods in API Gateway REST API stages that have cache enabled are encrypted. The control fails if any method in an API Gateway REST API stage is configured to cache and the cache is not encrypted. Encrypting data at rest reduces the risk of data stored on disk being accessed by a user not authenticated to AWS. It adds another set of access controls to limit unauthorized users ability access the data.
Description
Add new check apigateway_restapi_cache_encrypted with its unit tests.
Checklist
- Are there new checks included in this PR? Yes / No
- If so, do we need to update permissions for the provider? Please review this carefully.
- [ ] Review if the code is being covered by tests.
- [ ] Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
- [ ] Review if backport is needed.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 89.32%. Comparing base (
9969e27) to head (6235745). Report is 1183 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #5448 +/- ##
==========================================
+ Coverage 89.25% 89.32% +0.06%
==========================================
Files 1048 1050 +2
Lines 32478 32588 +110
==========================================
+ Hits 28989 29109 +120
+ Misses 3489 3479 -10
| Components | Coverage Δ | |
|---|---|---|
| prowler | 89.32% <100.00%> (+0.06%) |
:arrow_up: |
| api | ∅ <ø> (∅) |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}