rspec/rules/S4423/terraform/rule.adoc

include::../rule.adoc[]

== Noncompliant Code Example

For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:

----
resource "aws_api_gateway_domain_name" "example" {
  domain_name = "api.example.com"
  security_policy = "TLS_1_0" # Noncompliant
}
----

----
resource "aws_apigatewayv2_domain_name" "example" {
  domain_name = "api.example.com"
  domain_name_configuration {} # Noncompliant
}
----

== Compliant Solution

For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:

----
resource "aws_api_gateway_domain_name" "example" {
  domain_name = "api.example.com"
  security_policy = "TLS_1_2"
}
----

----
resource "aws_apigatewayv2_domain_name" "example" {
  domain_name = "api.example.com"
  domain_name_configuration {
    security_policy = "TLS_1_2"
  }
}
----

include::../see.adoc[]
* https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html[Amazon API Gateway] - Choosing a minimum TLS version


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Create rule S4423[terraform]: Add AWS API Gateway Domain Name (#456) * Add terraform to rule S4423 * Add terraform * Include main description * Improve description * Update rules/S4423/description.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Update rules/S4423/terraform/rule.adoc Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> * Add highlight * Add aws_api_gatewayv2_domain_name example * Add highlight * Change noncompliant api gateway v2 * Fix wrong apigatewayv2 name * Add code sample introduction Co-authored-by: hendrik-buchwald-sonarsource <hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Hendrik Buchwald <hendrik.buchwald@sonarsource.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Pierre-Loup <49131563+pierre-loup-tristant-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2021-11-08 09:10:28 +00:00			`include::../rule.adoc[]`

			`== Noncompliant Code Example`

			`For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:`

			`----`
			`resource "aws_api_gateway_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`security_policy = "TLS_1_0" # Noncompliant`
			`}`
			`----`

			`----`
			`resource "aws_apigatewayv2_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`domain_name_configuration {} # Noncompliant`
			`}`
			`----`

			`== Compliant Solution`

			`For https://aws.amazon.com/api-gateway/[Amazon API Gateway]:`

			`----`
			`resource "aws_api_gateway_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`security_policy = "TLS_1_2"`
			`}`
			`----`

			`----`
			`resource "aws_apigatewayv2_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`domain_name_configuration {`
			`security_policy = "TLS_1_2"`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`
			`* https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html[Amazon API Gateway] - Choosing a minimum TLS version`


			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::highlighting.adoc[]`

			`'''`
			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
			`endif::env-github,rspecator-view[]`