Ensure AWS API Gateway Domain uses a modern security policy

Error: AWS API Gateway Domain does not use a modern security policy

Bridgecrew Policy ID: BC_AWS_GENERAL_138
Checkov Check ID: CKV_AWS_206
Severity: LOW

Description

AWS API Gateway Domain allows you to set the security policy. Using the TLS_1_0 policy permits insecure cipher suites.

Fix - Runtime

  1. In the AWS console, go to API Gateway.
  2. Select Custom Domain Names.
  3. Select the domain name to update and then Edit.
  4. For Minimum TLS version, select TLS 1.2.
  5. Select Save.

Fix - Buildtime

Terraform

resource "aws_api_gateway_domain_name" "example" {
...
  + security_policy = "TLS_1_2"
...
}
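
The same build-time check can be run against a rendered plan rather than the HCL source, which also covers resources declared inside modules. The script below is an added example, not Checkov's or Bridgecrew's implementation: it walks the `planned_values` tree of `terraform show -json` output and reports every `aws_api_gateway_domain_name` whose `security_policy` is not `TLS_1_2`. The resource addresses and domain names in the sample plan are constructed, and treating an omitted `security_policy` as a finding is an assumption of this example.

```python
import json
import sys

RESOURCE_TYPE = "aws_api_gateway_domain_name"
REQUIRED_POLICY = "TLS_1_2"

# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_api_gateway_domain_name.modern", "type": RESOURCE_TYPE,
         "values": {"domain_name": "api.example.com", "security_policy": "TLS_1_2"}},
        {"address": "aws_api_gateway_domain_name.legacy", "type": RESOURCE_TYPE,
         "values": {"domain_name": "old.example.com", "security_policy": "TLS_1_0"}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{"address": "module.edge", "resources": [
        # security_policy omitted in configuration, so it is absent from values
        {"address": "module.edge.aws_api_gateway_domain_name.api", "type": RESOURCE_TYPE,
         "values": {"domain_name": "edge.example.com"}},
    ]}],
}}}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_weak_domains(plan):
    """Return (address, policy) for each domain not pinned to REQUIRED_POLICY."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        policy = (res.get("values") or {}).get("security_policy")
        # Assumption: a missing or not-yet-known value is reported as a finding
        if policy != REQUIRED_POLICY:
            findings.append((res["address"], policy))
    return findings

if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json; python check.py plan.json
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    findings = find_weak_domains(plan)
    for address, policy in findings:
        print(f"FAIL {address}: security_policy={policy!r}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on any finding lets the script gate a CI pipeline stage.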