Add new parameters to AWS::ApiGateway::DomainName -> Security Policy, DomainNameStatus
Scope of request -> Create Domain Name API takes additional input: security policy
We are interested in this parameter being available. In the meantime, we need to update from TLS 1.0 to TLS 1.2 via the web console or AWS CLI. We are not able to define this using SAM/CF.
I would suggest making TLS 1.2 the default value for new domains, to make sure those who miss this setting are still getting the best possible security.
I think the response will be, "changing the default to TLS 1.2 breaks backwards compatibility". If it is, we need CloudFormation to think about better ways of versioning these resources so people can get security upgrades like this by default, but pin behavior for compatibility if needed.
I'd like to see this, FWIW. We've just hit wanting this at my place and are now having to look into alternatives. If there's anything I can do to help, let me know. Thanks.
Should SecurityPolicy also be in AWS::ApiGatewayV2::DomainName DomainNameConfiguration? https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html