Query: AppSync graphql API logging should be enabled

Description

This control checks whether an AWS AppSync API has field-level logging turned on. The control fails if the field resolver log level is set to None. Unless you provide custom parameter values to indicate that a specific log type should be enabled, Security Hub produces a passed finding if the field resolver log level is either ERROR or ALL.

Query

Tables used in this query:

• aws_appsync_graphql_api

Controls using this query:

• 2 AWS AppSync should have field-level logging enabled
• AppSync graphql API logging should be enabled

SQL