Ensure AWS CloudSearch uses the latest Transport Layer Security (TLS)

Error: AWS Cloudsearch does not use the latest (Transport Layer Security) TLS

Bridgecrew Policy ID: BC_AWS_GENERAL_135
Checkov Check ID: CKV_AWS_218
Severity: LOW

Description

The Transport Layer Security (TLS) protocol secures data in transit between servers and web browsers over the Internet using standard encryption technology. To follow security best practices and the latest PCI compliance standards, enable the latest version of the TLS protocol (i.e. TLS 1.2) for all your AWS CloudSearch domains.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_cloudsearch_domain" "pass" {
  name = "example-domain"

  scaling_parameters {
    desired_instance_type = "search.medium"
  }

  index_field {
    name            = "headline"
    type            = "text"
    search          = true
    return          = true
    sort            = true
    highlight       = false
    analysis_scheme = "_en_default_"
  }

  index_field {
    name   = "price"
    type   = "double"
    search = true
    facet  = true
    return = true
    sort   = true
  }
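
  endpoint_options {
    # Not evaluated by this check: while enforce_https is false, the domain
    # still accepts plain HTTP requests, which bypass TLS entirely.
    enforce_https       = false
    # Minimum TLS version 1.2 for HTTPS connections to the domain endpoints.
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }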
}
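
The same condition can be checked against a Terraform plan before apply. The sketch below is an added example, not Bridgecrew's or Checkov's own code: it walks plan JSON for `aws_cloudsearch_domain` resources and reports any whose `tls_security_policy` differs from the value above. It goes slightly beyond this policy by also reporting `enforce_https`. The function names and the sample plan are constructed for illustration.

```python
import json

REQUIRED_POLICY = "Policy-Min-TLS-1-2-2019-07"  # value used in the Terraform fix on this page

# Constructed sample, laid out like the output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_cloudsearch_domain.pass", "type": "aws_cloudsearch_domain",
     "values": {"endpoint_options": [
       {"enforce_https": false, "tls_security_policy": "Policy-Min-TLS-1-2-2019-07"}]}},
    {"address": "aws_cloudsearch_domain.old_tls", "type": "aws_cloudsearch_domain",
     "values": {"endpoint_options": [
       {"enforce_https": true, "tls_security_policy": "Policy-Min-TLS-1-0-2019-07"}]}}],
  "child_modules": [{"address": "module.search", "resources": [
    {"address": "module.search.aws_cloudsearch_domain.unset",
     "type": "aws_cloudsearch_domain", "values": {"endpoint_options": []}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_cloudsearch_tls(plan):
    """Return {resource address: [findings]} for CloudSearch domains needing attention."""
    report = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_cloudsearch_domain":
            continue
        # Nested blocks appear as lists in plan JSON; an empty list means no options set.
        opts = ((res.get("values") or {}).get("endpoint_options") or [{}])[0]
        findings = []
        policy = opts.get("tls_security_policy")
        if policy != REQUIRED_POLICY:
            findings.append(f"tls_security_policy is {policy or 'not set'}")
        if opts.get("enforce_https") is not True:
            findings.append("enforce_https is not true, so plain HTTP is still accepted")
        if findings:
            report[res["address"]] = findings
    return report


if __name__ == "__main__":
    print(json.dumps(audit_cloudsearch_tls(SAMPLE_PLAN), indent=2))
```

On the sample, the `pass` resource from this page satisfies the TLS policy test but is still reported for `enforce_https = false`.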