[Migrated] api gateway create_domain_name should include parameter for securityPolicy to allow setting TLS_1_2

Open jneves opened this issue 4 years ago • 1 comments

Originally from: https://github.com/Miserlou/Zappa/issues/2122 by hortonew

Context

boto3.client('apigateway') has function create_domain_name that supports argument securityPolicy='TLS_1_0'|'TLS_1_2' that isn't being used today. This would enable users to set TLS 1.2 for their custom domain name in API gateway. By default, TLS 1.0 is being used.

Expected Behavior

There should be a zappa_settings.json configuration that can be used to set tls_1_2 that would be picked up if certificate_arn is set.

Actual Behavior

API Gateway custom domain is defaulting to TLS 1.0, and users have to manually set TLS 1.2 if they require it.

Possible Fix

zappa_settings.json: Add argument tls_version with options 1.0 or 1.2, the default being 1.0 (as it stands today).

cli.py: dns_name = self.zappa.create_domain_name( should support this argument, passing in either securityPolicy='TLS_1_0' or securityPolicy='TLS_1_2'

core.py: def create_domain_name(self, should support this argument.

See: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway.html#APIGateway.Client.create_domain_name

Steps to Reproduce

  1. Default deployment with certificate_arn set
  2. zappa certify dev

Your Environment

  • Zappa version used: latest
  • Operating System and Python version: mac catalina + python 3.7.7
  • The output of pip freeze:
  • Link to your project (optional):
  • Your zappa_settings.json:
"dev": {
    "app_function": "example.flask_app",
    "aws_region": "us-east-1",
    "profile_name": "dev-example",
    "project_name": "example",
    "runtime": "python3.7",
    "s3_bucket": "example",
    "manage_roles": false,
    "role_name": "example-role",
    "lambda_description": "example dev",
    "memory_size": 128, // lambda memory size, default 256MB
    "apigateway_description": "example dev",
    "apigateway_policy": "example.json",
    "iam_authorization": true,
    "tags": {
        "Company": "example",
        "Department": "example",
        "Environment": "Development"
    },
    "keep_warm": true,
    "certificate_arn": "arn:aws:acm:us-east-1:123456789:certificate/555-444-333-222-111",
    "domain": "example.com",
    "events": [{
        "function": "example.task",
        "expressions": ["cron(5 */4 ? * * *)"]
    }],
    "environment_variables": {
        "STAGE": "dev"
    }
}

jneves, Feb 20 '21 13:02
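The fix proposed in the issue, plus a check for custom domains already created with the default policy, as an added example that is not Zappa's code and not part of the original issue. `tls_version` is the setting name the issue proposes; `FakeApiGateway` and its domain names are constructed stand-ins so the block runs offline, and the three functions accept a real `boto3.client('apigateway')` in its place.

```python
# Added example (not Zappa's code). `tls_version` is the setting proposed in the
# issue; FakeApiGateway and its domains are constructed sample data.

POLICIES = {"1.0": "TLS_1_0", "1.2": "TLS_1_2"}


def domain_name_kwargs(stage_settings):
    """Build create_domain_name kwargs from one zappa_settings.json stage."""
    version = str(stage_settings.get("tls_version", "1.0"))  # default proposed in the issue
    if version not in POLICIES:
        raise ValueError(f"tls_version must be one of {sorted(POLICIES)}, got {version!r}")
    return {
        "domainName": stage_settings["domain"],
        "certificateArn": stage_settings["certificate_arn"],
        "securityPolicy": POLICIES[version],
    }


def domains_on_tls10(client):
    """Return custom domain names still accepting TLS 1.0 (a missing policy counts)."""
    weak, position = [], None
    while True:
        page = client.get_domain_names(**({"position": position} if position else {}))
        weak += [d["domainName"] for d in page.get("items", [])
                 if d.get("securityPolicy", "TLS_1_0") == "TLS_1_0"]
        position = page.get("position")  # pagination token; absent on the last page
        if not position:
            return weak


def require_tls12(client, domain_name):
    """Raise an existing custom domain to TLS 1.2 in place."""
    return client.update_domain_name(
        domainName=domain_name,
        patchOperations=[{"op": "replace", "path": "/securityPolicy", "value": "TLS_1_2"}],
    )


class FakeApiGateway:
    """Constructed stand-in for boto3.client('apigateway'); makes no network calls."""

    def __init__(self):
        self.domains = {"api.example.com": "TLS_1_0", "new.example.com": "TLS_1_2"}

    def get_domain_names(self, **_):
        return {"items": [{"domainName": n, "securityPolicy": p}
                          for n, p in self.domains.items()]}

    def update_domain_name(self, domainName, patchOperations):
        self.domains[domainName] = patchOperations[0]["value"]
        return {"domainName": domainName, "securityPolicy": self.domains[domainName]}
```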

Hi, is there anything we could do to remove TLS 1.0 within zappa?

souravjamwal77, Feb 05 '22 07:02

Hi there! Unfortunately, this Issue has not seen any activity for at least 90 days. If the Issue is still relevant to the latest version of Zappa, please comment within the next 10 days if you wish to keep it open. Otherwise, it will be automatically closed.

github-actions[bot], Apr 03 '24 15:04

Hi there! Unfortunately, this Issue was automatically closed as it had not seen any activity in at least 100 days. If the Issue is still relevant to the latest version of Zappa, please open a new Issue.

github-actions[bot], Apr 13 '24 19:04