rspec/rules/S4423/terraform/how-to-fix-it/aws-api-gateway.adoc

== How to fix it in AWS API Gateway

=== Code examples

These code samples illustrate how to fix this issue in both APIGateway and
ApiGatewayV2.

==== Noncompliant code example

[source,terraform,diff-id=1,diff-type=noncompliant]
----
resource "aws_api_gateway_domain_name" "example" {
  domain_name = "api.example.com"
  security_policy = "TLS_1_0" # Noncompliant
}
----

The ApiGatewayV2 uses a weak TLS version by default:

[source,terraform,diff-id=2,diff-type=noncompliant]
----
resource "aws_apigatewayv2_domain_name" "example" {
  domain_name = "api.example.com"
  domain_name_configuration {} # Noncompliant
}
----


==== Compliant solution

[source,terraform,diff-id=1,diff-type=compliant]
----
resource "aws_api_gateway_domain_name" "example" {
  domain_name = "api.example.com"
  security_policy = "TLS_1_2"
}
----

[source,terraform,diff-id=2,diff-type=compliant]
----
resource "aws_apigatewayv2_domain_name" "example" {
  domain_name = "api.example.com"
  domain_name_configuration {
    security_policy = "TLS_1_2"
  }
}
----

=== How does this work?

include::../../common/fix/fix.adoc[]
Modify S4423: Learn-As-You-Code Migration (#2097) Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 17:36:01 +02:00			`== How to fix it in AWS API Gateway`

			`=== Code examples`

			`These code samples illustrate how to fix this issue in both APIGateway and`
			`ApiGatewayV2.`

			`==== Noncompliant code example`

			`[source,terraform,diff-id=1,diff-type=noncompliant]`
			`----`
			`resource "aws_api_gateway_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`security_policy = "TLS_1_0" # Noncompliant`
			`}`
			`----`

			`The ApiGatewayV2 uses a weak TLS version by default:`

			`[source,terraform,diff-id=2,diff-type=noncompliant]`
			`----`
			`resource "aws_apigatewayv2_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`domain_name_configuration {} # Noncompliant`
			`}`
			`----`


			`==== Compliant solution`

			`[source,terraform,diff-id=1,diff-type=compliant]`
			`----`
			`resource "aws_api_gateway_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`security_policy = "TLS_1_2"`
			`}`
			`----`

			`[source,terraform,diff-id=2,diff-type=compliant]`
			`----`
			`resource "aws_apigatewayv2_domain_name" "example" {`
			`domain_name = "api.example.com"`
			`domain_name_configuration {`
			`security_policy = "TLS_1_2"`
			`}`
			`}`
			`----`

			`=== How does this work?`

			`include::../../common/fix/fix.adoc[]`