80 lines
2.0 KiB
Plaintext
80 lines
2.0 KiB
Plaintext
include::../summary.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../rationale.adoc[]
|
|
|
|
include::../impact.adoc[]
|
|
|
|
// How to fix it section
|
|
|
|
include::how-to-fix-it/api-gateway.adoc[]
|
|
|
|
include::how-to-fix-it/opensearch.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/docs.adoc[]
|
|
|
|
include::../common/resources/articles.adoc[]
|
|
|
|
include::../common/resources/presentations.adoc[]
|
|
|
|
include::../common/resources/standards-iac.adoc[]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:
|
|
|
|
* If `TLSSecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
* If `DomainEndpointOptions` is specified but does not contain `TLSSecurityPolicy`
|
|
** Set "TLSSecurityPolicy" to disable support of older TLS versions.
|
|
* If `DomainEndpointOptions` is not specified at all
|
|
** Set "DomainEndpointOptions.TLSSecurityPolicy" to disable support of older TLS versions.
|
|
|
|
For `AWS::ApiGateway::DomainName`:
|
|
|
|
* If `SecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
|
|
For `AWS::ApiGatewayV2::DomainName`:
|
|
|
|
* If `SecurityPolicy` is specified but has the wrong value
|
|
** Change this code to disable support of older TLS versions.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
|
|
For `AWS::Elasticsearch::Domain` and `AWS::OpenSearchService::Domain`:
|
|
|
|
* Highlight `TLSSecurityPolicy` if it is specified but has the wrong value
|
|
* Highlight `DomainEndpointOptions` if it is specified but does not contain `TLSSecurityPolicy`
|
|
* Highlight resource if `DomainEndpointOptions` is not specified at all
|
|
|
|
For `AWS::ApiGateway::DomainName`:
|
|
|
|
* Highlight `SecurityPolicy` if it is specified but has the wrong value
|
|
|
|
For `AWS::ApiGatewayV2::DomainName`:
|
|
|
|
* Highlight `SecurityPolicy` if it is specified but has the wrong value
|
|
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|