Under the "Security policy" section of your API Gateway custom domain name you should be able to edit the security policy to one that only supports TLSv1.2 or higher. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html
If this was helpful, please remember to mark this answer as accepted. Thank you and good luck.
The PCI scan should be against the custom domain name that you have created, not the default endpoint. I assume you have created a corresponding DNS entry that points to the API Gateway FQDN.
To disable the default endpoint, refer to "How do I deactivate the API Gateway default endpoint for REST or HTTP APIs?"
Thanks for the reply. The PCI scan was done on the custom domain name; the default URL must have been detected by the scan. I have also tried to disable the default endpoint as shared in the link you shared, but the default endpoint is still accessible. There is no GET implementation on the base URL, so I get { "message": "Forbidden" } on accessing the default endpoint.
While creating the custom domain we can change the TLS version to either 1.2 or 1.0, which is under the setting 'Minimum TLS version'. I am not able to find the "Security Policy" section while creating Custom Domain. Please share a screenshot or steps to go to this section.
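As an added example (not part of any post above), here is one way to check both settings discussed in this thread, the custom domain's security policy and the default endpoint, from saved AWS CLI output. The sample JSON is constructed, and the function name `audit` and the finding labels are hypothetical.

```python
import json

# Constructed sample responses, shaped like the output of
# `aws apigateway get-domain-names` and `aws apigateway get-rest-apis`.
DOMAIN_NAMES = json.loads("""{"items": [
  {"domainName": "api.example.com", "securityPolicy": "TLS_1_0"},
  {"domainName": "pay.example.com", "securityPolicy": "TLS_1_2"}]}""")
REST_APIS = json.loads("""{"items": [
  {"id": "a1b2c3d4e5", "name": "orders", "disableExecuteApiEndpoint": false},
  {"id": "f6g7h8i9j0", "name": "payments", "disableExecuteApiEndpoint": true},
  {"id": "k1l2m3n4o5", "name": "legacy"}]}""")


def audit(domain_names, rest_apis):
    """Return (issue, resource, fix_command) tuples for the two settings
    discussed in the thread: minimum TLS version and the default endpoint."""
    findings = []
    for d in domain_names.get("items", []):
        # TLS_1_0 is the policy that still accepts TLS 1.0 and 1.1 clients.
        if d.get("securityPolicy") == "TLS_1_0":
            findings.append((
                "weak-tls-policy", d["domainName"],
                "aws apigateway update-domain-name --domain-name "
                + d["domainName"]
                + " --patch-operations op=replace,path=/securityPolicy,value=TLS_1_2"))
    for api in rest_apis.get("items", []):
        # Assumption: a missing field is treated as "default endpoint enabled".
        if not api.get("disableExecuteApiEndpoint", False):
            findings.append((
                "default-endpoint-enabled", api["id"],
                "aws apigateway update-rest-api --rest-api-id " + api["id"]
                + " --patch-operations op=replace,"
                  "path=/disableExecuteApiEndpoint,value=True"))
    return findings


if __name__ == "__main__":
    for issue, resource, fix in audit(DOMAIN_NAMES, REST_APIS):
        print(f"{issue:26} {resource:18} {fix}")
```

For a REST API, a change to `disableExecuteApiEndpoint` takes effect only after the API is redeployed to its stage.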