AWS API Gateway Domain does not use a modern security policy

Description

AWS API Gateway Domain allows you to set the security policy. Using TLS 1_0 allows you to use insecure cypher suites.

Fix - Runtime

1. In the AWS console, go to API Gateway.
2. Select Custom Domain Names.
3. Select the domain name to update and then Edit.
4. For Minimum TLS version, select TLS 1.2.
5. Select Save.

Fix - Buildtime

Terraform

resource "aws_api_gateway_domain_name" "example" {
...
  + security_policy = TLS_1_2
...
}