Severity: HIGH
Source: Trivy
ID: AVD-AWS-0112

SAM API domain name uses outdated SSL/TLS protocols.

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Impact

Outdated SSL policies increase exposure to known vulnerabilities.

Follow the appropriate remediation steps below to resolve the issue.

Use the most modern TLS/SSL policies available

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Good Example of SAM API
Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: Good SAM API example
      StageName: Prod
      TracingEnabled: false
      Domain:
        SecurityPolicy: TLS_1_2
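
The check described above can be approximated in a pre-deployment script. The following is an added example, not Trivy's own implementation: it walks a SAM template and reports every `AWS::Serverless::Api` custom domain whose `SecurityPolicy` is not `TLS_1_2`. The template is constructed sample data given in JSON form (which CloudFormation also accepts) so the script needs only the standard library; the resource names and the choice to report an unset policy are assumptions of this example.

```python
import json

# Constructed sample SAM template (JSON form); logical IDs are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodApi": {"Type": "AWS::Serverless::Api",
                "Properties": {"StageName": "Prod", "Domain": {"SecurityPolicy": "TLS_1_2"}}},
    "OldTlsApi": {"Type": "AWS::Serverless::Api",
                  "Properties": {"StageName": "Prod", "Domain": {"SecurityPolicy": "TLS_1_0"}}},
    "UnsetPolicyApi": {"Type": "AWS::Serverless::Api",
                       "Properties": {"StageName": "Prod", "Domain": {}}},
    "NoDomainApi": {"Type": "AWS::Serverless::Api",
                    "Properties": {"StageName": "Prod"}},
    "Fn": {"Type": "AWS::Serverless::Function", "Properties": {}}
  }
}
""")

REQUIRED_POLICY = "TLS_1_2"


def find_weak_tls_domains(template):
    """Return (logical_id, reason) for each SAM API domain not pinned to TLS_1_2."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::Serverless::Api":
            continue
        domain = (resource.get("Properties") or {}).get("Domain")
        if domain is None:
            continue  # no custom domain configured, nothing for this check to evaluate
        if not isinstance(domain, dict):
            findings.append((logical_id, "Domain is not a mapping; cannot verify SecurityPolicy"))
            continue
        policy = domain.get("SecurityPolicy")
        if policy is None:
            # Assumption of this example: an unset policy is reported, not trusted to default safely.
            findings.append((logical_id, "SecurityPolicy not set"))
        elif policy != REQUIRED_POLICY:
            # Also flags intrinsic functions (dicts), which cannot be resolved statically.
            findings.append((logical_id, f"SecurityPolicy is {policy!r}, expected {REQUIRED_POLICY}"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in find_weak_tls_domains(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```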