include::../summary.adoc[] == Why is this an issue? include::../rationale.adoc[] include::../impact.adoc[] // How to fix it section include::how-to-fix-it/api-gateway.adoc[] include::how-to-fix-it/opensearch.adoc[] == Resources include::../common/resources/docs.adoc[] include::../common/resources/articles.adoc[] include::../common/resources/presentations.adoc[] include::../common/resources/standards.adoc[] ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`: * If `TLSSecurityPolicy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `DomainEndpointOptions` is specified but does not contain `TLSSecurityPolicy` ** Set "TLSSecurityPolicy" to disable support of older TLS versions. * If `DomainEndpointOptions` is not specified at all ** Set "DomainEndpointOptions.TLSSecurityPolicy" to disable support of older TLS versions. For `AWS::ApiGateway::DomainName`: * If `SecurityPolicy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `SecurityPolicy` is not specified at all ** Set "SecurityPolicy" to disable support of older TLS versions. For `AWS::ApiGatewayV2::DomainName`: * If `SecurityPolicy` is specified but has the wrong value ** Change this code to disable support of older TLS versions. * If `DomainNameConfigurations` exists but `SecurityPolicy` is not specified ** Set "SecurityPolicy" to disable support of older TLS versions. * If `DomainNameConfigurations` does not exist ** Set "DomainNameConfigurations.SecurityPolicy" to disable support of older TLS versions. === Highlighting For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`: * Highlight `TLSSecurityPolicy` if it is specified but has the wrong value * Highlight `DomainEndpointOptions` if it is specified but does not contain `TLSSecurityPolicy` * Highlight resource if `DomainEndpointOptions` is not specified at all For `AWS::ApiGateway::DomainName`: * Highlight `SecurityPolicy` if it is specified but has the wrong value * Highlight resource if `SecurityPolicy` is not specified at all For `AWS::ApiGatewayV2::DomainName`: * Highlight `SecurityPolicy` if it is specified but has the wrong value * Highlight `DomainNameConfigurations` if it exists but `SecurityPolicy` is not specified * Highlight resource if `DomainNameConfigurations` does not exist ''' == Comments And Links (visible only on this page) include::../comments-and-links.adoc[] endif::env-github,rspecator-view[]