51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
89 lines
2.6 KiB
Plaintext
89 lines
2.6 KiB
Plaintext
include::../summary.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../rationale.adoc[]
|
|
|
|
include::../impact.adoc[]
|
|
|
|
// How to fix it section
|
|
|
|
include::how-to-fix-it/api-gateway.adoc[]
|
|
|
|
include::how-to-fix-it/opensearch.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/docs.adoc[]
|
|
|
|
include::../common/resources/articles.adoc[]
|
|
|
|
include::../common/resources/presentations.adoc[]
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:
|
|
|
|
* If `TLSSecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
* If `DomainEndpointOptions` is specified but does not contain `TLSSecurityPolicy`
|
|
** Set "TLSSecurityPolicy" to disable support of older TLS versions.
|
|
* If `DomainEndpointOptions` is not specified at all
|
|
** Set "DomainEndpointOptions.TLSSecurityPolicy" to disable support of older TLS versions.
|
|
|
|
For `AWS::ApiGateway::DomainName`:
|
|
|
|
* If `SecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
* If `SecurityPolicy` is not specified at all
|
|
** Set "SecurityPolicy" to disable support of older TLS versions.
|
|
|
|
For `AWS::ApiGatewayV2::DomainName`:
|
|
|
|
* If `SecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
* If `DomainNameConfigurations` exists but `SecurityPolicy` is not specified
|
|
** Set "SecurityPolicy" to disable support of older TLS versions.
|
|
* If `DomainNameConfigurations` does not exist
|
|
** Set "DomainNameConfigurations.SecurityPolicy" to disable support of older TLS versions.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
|
|
For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:
|
|
|
|
* Highlight `TLSSecurityPolicy` if it is specified but has the wrong value
|
|
* Highlight `DomainEndpointOptions` if it is specified but does not contain `TLSSecurityPolicy`
|
|
* Highlight resource if `DomainEndpointOptions` is not specified at all
|
|
|
|
For `AWS::ApiGateway::DomainName`:
|
|
|
|
* Highlight `SecurityPolicy` if it is specified but has the wrong value
|
|
* Highlight resource if `SecurityPolicy` is not specified at all
|
|
|
|
For `AWS::ApiGatewayV2::DomainName`:
|
|
|
|
* Highlight `SecurityPolicy` if it is specified but has the wrong value
|
|
* Highlight `DomainNameConfigurations` if it exists but `SecurityPolicy` is not specified
|
|
* Highlight resource if `DomainNameConfigurations` does not exist
|
|
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|