Ensure AWS API Gateway Domain uses a modern security policy
Error: AWS API Gateway Domain does not use a modern security policy
Bridgecrew Policy ID: BC_AWS_GENERAL_138
Checkov Check ID: CKV_AWS_206
Severity: LOW
AWS API Gateway Domain does not use a modern security policy
Description
An AWS API Gateway domain lets you set a security policy, which controls the minimum TLS version the domain accepts. Using TLS_1_0 allows insecure cipher suites to be used.
Fix - Runtime
- In the AWS console, go to API Gateway.
- Select Custom Domain Names.
- Select the domain name to update and then Edit.
- For Minimum TLS version, select TLS 1.2.
- Select Save.
Fix - Buildtime
Terraform
resource "aws_api_gateway_domain_name" "example" {
  ...
+ security_policy = "TLS_1_2"
  ...
}