include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/api-gateway.adoc[]

include::how-to-fix-it/opensearch.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards-iac.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:

* If `TLSSecurityPolicy` is specified but has the wrong value
** Change this code to disable support of older TLS versions.
* If `DomainEndpointOptions` is specified but does not contain `TLSSecurityPolicy`
** Set "TLSSecurityPolicy" to disable support of older TLS versions.
* If `DomainEndpointOptions` is not specified at all
** Set "DomainEndpointOptions.TLSSecurityPolicy" to disable support of older TLS versions.

For `AWS::ApiGateway::DomainName`:

 * If `SecurityPolicy` is specified but has the wrong value
** Change this code to disable support of older TLS versions.

For `AWS::ApiGatewayV2::DomainName`:

 * If `SecurityPolicy` is specified but has the wrong value
 ** Change this code to disable support of older TLS versions.


=== Highlighting


For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:

* Highlight `TLSSecurityPolicy` if it is specified but has the wrong value
* Highlight `DomainEndpointOptions` if it is specified but does not contain `TLSSecurityPolicy`
* Highlight resource if `DomainEndpointOptions` is not specified at all

For `AWS::ApiGateway::DomainName`:

 * Highlight `SecurityPolicy` if it is specified but has the wrong value

For `AWS::ApiGatewayV2::DomainName`:

 * Highlight `SecurityPolicy` if it is specified but has the wrong value



'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]