[ACTION REQUIRED] - Update your TLS connections to 1.2 to maintain AWS endpoint connectivity [AWS Account: 926257648248]

1

Hi, We received a ticket that says - We have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account [AWS Account: 926257648248] that must be immediately updated to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 to maintain your ability to connect, and avoid an availability impact.

Can you please suggest the action items here? I am unable to follow the wikis attached in the ticket.

Asked 2 years ago, 7227 views
4 Answers
1

If this question is related to the AWS SDK for .NET, there is also additional information in the developer guide: https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/enforcing-tls.html

AWS
Answered 2 years ago
0

Please check the following official AWS blog first. [1]

[1] TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints | AWS Security Blog
https://aws.amazon.com/jp/blogs/security/tls-1-2-required-for-aws-endpoints/

The blog explains that the following actions should be taken:

• Use CloudTrail to identify clients using TLS 1.0 or 1.1.
• Apply the minimum version of TLS by checking the documentation of the SDKs and other documents in the following blogs [2].

[2] TLS 1.2 to become the minimum for all AWS FIPS endpoints | AWS Security Blog
https://aws.amazon.com/jp/blogs/security/tls-1-2-to-become-the-minimum-for-all-aws-fips-endpoints/

We do not know which SDKs are used in your environment, so please check the documentation of each SDK according to your environment.

We hope this will be helpful.

mn87
Answered 2 years ago
  • How can I update the SDK for Android? There is no info about the SDK for Android.

0

How can I update the SDK for Android? There is no info about the SDK for Android.

Answered 1 year ago
  • You need to rebuild the Android app using the latest version of the SDK, i.e. update the Gradle dependency if you are using Gradle.

0

When you use AWS resources from an SDK, JDK or the command line interface (CLI), you make calls to AWS APIs. These calls use a secure protocol (TLS), and the TLS version is related to the version of the SDK/JDK/CLI used. If you received the notification, it means that some software is accessing your account with a rather old version, and the action to be taken is to update the SDK/JDK/CLI of that software in order to upgrade the TLS version to 1.2. This software can be something developed by your organization, third-party software, or a SaaS you use that integrates with AWS, i.e. backup solutions or a SIEM ingesting your logs.

In this related blog post you will find guidance for two actions you can take:

a. Understand what resources are affected. You can find that info in the Personal Health Dashboard for your account (log in to your account and then look for Personal Health Dashboard).

b. Find which calls are using TLS older than 1.2 using CloudTrail logs. These logs will provide some information, like the credentials being used, the IP and the library used. That is usually a clue to find what program is involved in the API calls.

I might also add: check IAM Access Analyzer to find access from other accounts or federated users accessing your account, and review the credential report, as it is likely that an old SDK/JDK/CLI use might be related to a user that has not rotated passwords or access keys.

Update: If the notice is related to CloudFront accessing an S3 origin, you can check this documentation and select TLS 1.2 for the origin access protocol.

Hope this answer clarifies the path for action.

AWS
Answered 1 year ago
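
The CloudTrail check described in the answers above, as an added example that is not part of the original thread: it reads the `tlsDetails.tlsVersion`, `userAgent`, `sourceIPAddress` and `userIdentity.arn` fields of CloudTrail records and groups TLS 1.0/1.1 calls by caller. The sample records, ARNs, IP addresses and user agents are constructed, and `make_record` and `outdated_tls_callers` are names chosen for this sketch.

```python
import json
from collections import Counter

OUTDATED = {"TLSv1", "TLSv1.1"}  # tlsDetails.tlsVersion values below TLS 1.2

def make_record(arn, agent, ip, source, tls_version):
    """Build one constructed CloudTrail-style record (tls_version=None omits tlsDetails)."""
    rec = {"eventSource": source, "sourceIPAddress": ip, "userAgent": agent,
           "userIdentity": {"type": "IAMUser", "arn": arn}}
    if tls_version:
        rec["tlsDetails"] = {"tlsVersion": tls_version}
    return rec

# Constructed sample in the shape of a decompressed CloudTrail log file.
BACKUP = "arn:aws:iam::111122223333:user/backup-agent"  # hypothetical user
SAMPLE_LOG = json.dumps({"Records": [
    make_record(BACKUP, "aws-sdk-java/1.7.4", "198.51.100.7", "s3.amazonaws.com", "TLSv1"),
    make_record(BACKUP, "aws-sdk-java/1.7.4", "198.51.100.7", "s3.amazonaws.com", "TLSv1"),
    make_record("arn:aws:iam::111122223333:user/dev", "aws-cli/2.15.0", "203.0.113.9",
                "ec2.amazonaws.com", "TLSv1.2"),
    make_record(BACKUP, "cloudformation.amazonaws.com", "cloudformation.amazonaws.com",
                "s3.amazonaws.com", None),
]})

def outdated_tls_callers(log_text):
    """Count TLS 1.0/1.1 calls per (identity ARN, userAgent, source IP, service).

    Returns (Counter, number of records that carry no tlsDetails at all).
    """
    callers, no_tls_details = Counter(), 0
    for rec in json.loads(log_text).get("Records", []):
        tls = rec.get("tlsDetails")
        if not tls:  # field is optional, so report these instead of guessing
            no_tls_details += 1
            continue
        if tls.get("tlsVersion") in OUTDATED:
            key = (rec.get("userIdentity", {}).get("arn", "unknown"),
                   rec.get("userAgent", "unknown"),
                   rec.get("sourceIPAddress", "unknown"),
                   rec.get("eventSource", "unknown"))
            callers[key] += 1
    return callers, no_tls_details

if __name__ == "__main__":
    found, skipped = outdated_tls_callers(SAMPLE_LOG)
    for (arn, agent, ip, service), n in found.most_common():
        print(f"{n:4d}  {service}  {arn}  {agent}  {ip}")
    print(f"{skipped} record(s) without tlsDetails")
```

The user agent and identity in each result row point at the software whose SDK, JDK or CLI needs updating.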
