AWS025 - API Gateway domain name uses outdated SSL/TLS protocols.

Written by tfsec

Explanation

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Insecure Example

The following example will fail the AWS025 check.

resource "aws_api_gateway_domain_name" "bad_example" {
	security_policy = "TLS_1_0"
}

Secure Example

The following example will pass the AWS025 check.

resource "aws_api_gateway_domain_name" "good_example" {
	security_policy = "TLS_1_2"
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_domain_name#security_policy

• https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html

---