include::../summary.adoc[] == Why is this an issue? include::../rationale.adoc[] include::../impact.adoc[] // How to fix it section include::how-to-fix-it/aws-api-gateway.adoc[] include::how-to-fix-it/aws-opensearch.adoc[] include::how-to-fix-it/azure-mssql.adoc[] include::how-to-fix-it/gcp-lb.adoc[] == Resources include::../common/resources/docs.adoc[] include::../common/resources/articles.adoc[] include::../common/resources/presentations.adoc[] include::../common/resources/standards_iac.adoc[] ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message ==== AWS For `aws_elasticsearch_domain`: * If `tls_security_policy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `domain_endpoint_options` is specified but does not contain `tls_security_policy` ** Set "tls_security_policy" to disable support of older TLS versions. * If resource if `domain_endpoint_options` is not specified at all ** Set "domain_endpoint_options.tls_security_policy" to disable support of older TLS versions. For `aws_api_gateway_domain_name`: * If `security_policy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If resource if `security_policy` is not specified at all ** Set "security_policy" to disable support of older TLS versions. For `aws_apigatewayv2_domain_name`: * If `security_policy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `domain_name_configuration` is specified but does not contain `security_policy` ** Set "security_policy" to disable support of older TLS versions. * If resource if `domain_name_configuration` is not specified at all ** Set "domain_name_configuration.security_policy" to disable support of older TLS versions. ==== GCP For `google_compute_ssl_policy`: * If `min_tls_version` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `min_tls_version` is not specified at all ** Set "min_tls_version" to disable support of older TLS versions. === Highlighting ==== AWS For `aws_elasticsearch_domain`: * Highlight `tls_security_policy` if it is specified but has the wrong value * Highlight `domain_endpoint_options` if it is specified but does not contain `tls_security_policy` * Highlight resource if `domain_endpoint_options` is not specified at all For `aws_api_gateway_domain_name`: * Highlight `security_policy` if it is specified but has the wrong value * Highlight resource if `security_policy` is not specified at all For `aws_apigatewayv2_domain_name`: * Highlight `security_policy` if it is specified but has the wrong value * Highlight `domain_name_configuration` if it is specified but does not contain `security_policy` * Highlight resource if `domain_name_configuration` is not specified at all ==== GCP For `google_compute_ssl_policy`: * Highlight `min_tls_version` if it is specified but has the wrong value * Highlight resource if `min_tls_version` is not specified at all ''' == Comments And Links (visible only on this page) include::../comments-and-links.adoc[] endif::env-github,rspecator-view[]