feat(apigateway): update domain name security policy #36643

Open
Jojo134 wants to merge 18 commits into aws:main from Jojo134:feat/update_security_policy

Jojo134 commented Jan 9, 2026

Issue # (if applicable)

Closes #36663

Reason for this change

The TLS_1_2 security policies are legacy. The policies starting with SecurityPolicy should be preferred; this introduces the possibility to do this via CDK.

Description of changes

  • Add the Security Policies to the Enum
  • Make the endpointAccessMode configurable as required by the new policies

Describe any new or updated permissions being added

Description of how you validated changes

Note: unable to run the integ tests

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

github-actions bot added the p2 label Jan 9, 2026
aws-cdk-automation requested a review from a team January 9, 2026 15:54
github-actions bot added the beginning-contributor ([Pilot] contributed between 0-2 PRs to the CDK) label Jan 9, 2026

aws-cdk-automation (Collaborator) left a comment

(This review is outdated)

Jojo134 changed the title from "feat(apigateway): Update domain name security policy" to "feat(apigateway): update domain name security policy" Jan 9, 2026
aws-cdk-automation added the pr/needs-further-review (PR requires additional review from our team specialists due to the scope or complexity of changes.) label Jan 9, 2026

pahud (Contributor) commented Jan 12, 2026

Thanks for this PR @Jojo134!

The linked issue (#36663) also requests securityPolicy and endpointAccessMode on RestApi, not just DomainName. The CfnRestApi L1 supports both properties.

If you'd prefer to keep this PR scoped to DomainName, we can keep #36663 open for the RestApi portion.

Jojo134 (Author) commented Jan 13, 2026

> Thanks for this PR @Jojo134!
>
> The linked issue (#36663) also requests securityPolicy and endpointAccessMode on RestApi, not just DomainName. The CfnRestApi L1 supports both properties.
>
> If you'd prefer to keep this PR scoped to DomainName, we can keep #36663 open for the RestApi portion.

I would give the implementation for the RestApi a shot.

aws-cdk-automation dismissed their stale review January 13, 2026 14:35

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

github-actions bot (Contributor) commented Jan 16, 2026

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

| Tests | Passed ✅ | Skipped | Failed |
| --- | --- | --- | --- |
| Security Guardian Results: 48 ran | 48 passed | | |

Test / Result: No test annotations available

github-actions bot (Contributor) commented Jan 16, 2026

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.

| Tests | Passed ✅ | Skipped | Failed |
| --- | --- | --- | --- |
| Security Guardian Results with resolved templates: 48 ran | 48 passed | | |

Test / Result: No test annotations available

Jojo134 (Author) commented Jan 22, 2026

Hey @pahud I implemented the changes also for the RestApi.

aws-cdk-automation (Collaborator) commented

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

Labels

  • beginning-contributor: [Pilot] contributed between 0-2 PRs to the CDK
  • feature-request: A feature should be added or improved.
  • p2
  • pr/needs-further-review: PR requires additional review from our team specialists due to the scope or complexity of changes.

Development

Successfully merging this pull request may close these issues.

(aws-apigateway): Add security policy and endpoint access mode support to RestApi L2 construct