aws-sam-cli icon indicating copy to clipboard operation
aws-sam-cli copied to clipboard
verified publisher icon aws

Bug: Add support for `EndpointAccessMode` in `AWS::ApiGateway::DomainName` & `AWS::ApiGateway::DomainNameV2`

Open TaherKapasi opened this issue 1 month ago • 1 comments

Description:

When running sam validate --lint on a SAM template with an AWS::ApiGateway::DomainName or AWS::ApiGateway::DomainNameV2 resource configured with a Security Policy set to SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09 one has to add EndpointAccessMode: STRICT in order for CloudFormation to successfully deploy.

The problem is sam validate --lint says the template has an E3002: Resource properties are invalid. Works fine when doing cfn-lint on same template using v1.42.0.

Short term workaround was to add E3002 to ignore_checks.

Steps to reproduce:

Create a template that include an API

  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      ...

  ApiDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: x.y.com
      RegionalCertificateArn: !GetAtt Cert.Arn
      EndpointConfiguration:
        Types:
          - REGIONAL
      SecurityPolicy: SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09
      EndpointAccessMode: STRICT

Observed result:

[[E3002: Resource properties are invalid] (Additional properties are not allowed ('EndpointAccessMode' was unexpected)) matched 293] Error: Linting failed. At least one linting rule was matched to the provided template.

Expected result:

template.yaml is a valid SAM Template

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS-26.1-arm64-arm-64bit-Mach-O
  2. sam --version: 1.149.0
  3. AWS region: eu-west-1
  4. cfn-lint version installed: 1.42.0

Paste the output of sam --info here

{
  "version": "1.149.0",
  "system": {
    "python": "3.13.9",
    "os": "macOS-26.1-arm64-arm-64bit-Mach-O"
  },
  "additional_dependencies": {
    "container_engine": "Docker(v29.0.1)",
    "aws_cdk": "Not available",
    "terraform": "1.12.2"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_PACKAGE_PERFORMANCE",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

TaherKapasi avatar Nov 28 '25 21:11 TaherKapasi

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

github-actions[bot] avatar Dec 01 '25 10:12 github-actions[bot]