HIGH
Source
Trivy
ID
AVD-AWS-0005

API Gateway domain name uses outdated SSL/TLS protocols.

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Impact

Outdated SSL policies increase exposure to known vulnerabilities

Follow the appropriate remediation steps below to resolve the issue.

Use the most modern TLS/SSL policies available

1
2
3
resource "aws_api_gateway_domain_name" "good_example" {
  security_policy = "TLS_1_2"
}