Struggling with procedure to enforce TLS 1.2 minimum requirement.

0

Hey.

I have a couple of instances in place where the aws-cli utility is running with TLSv1. I understand that I can increase the bucket security to a minimum of TLS1.2 to make that more secure. I fear that the aws-cli will not then communicate with the bucket, as this is configured for TLSv1. What is the next step to make the utility support TLSv1.2? Should I download the latest aws-cli-v2? If so, where can I find upgrade-installation steps over a working environment? Ubuntu server environment.

Thanks.

1 Answer
0

The documentation states TLS1.2 is required for CLI v1: "Use SSL/TLS to communicate with AWS resources. We require TLS 1.2 and recommend TLS 1.3." and "You don't need to do anything to enable the use of HTTPS/TLS. It is always enabled unless you explicitly disable it for an individual command by using the --no-verify-ssl command line option." https://docs.aws.amazon.com/cli/v1/userguide/data-protection.html

If you're saying you've explicitly configured your CLI to use TLSv1 then use one of the options below.

Here's the documentation for enforcing TLS1.2+ with CLI version 1: https://docs.aws.amazon.com/cli/v1/userguide/cli-security-enforcing-tls.html

Here's the documentation for migrating from CLI v1 to CLI v2. If you go this route be sure to understand breaking changes mentioned in the hyperlink "New features and changes in AWS CLI version 2" on the linked page. https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration-instructions.html

If you're just running a really old release of the CLI v1 you could also try the update instructions here: https://docs.aws.amazon.com/cli/v1/userguide/install-linux.html

AWS
answered a year ago
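
A client-side readiness check to run before raising the bucket's minimum to TLS 1.2, as an added example that is not part of the original post or of AWS's documentation: AWS CLI v1 is a Python program, so the protocol versions it can negotiate are those of the Python `ssl` module and the OpenSSL build behind it. Assumptions: the script is run with the same Python interpreter the CLI uses, and `s3.us-east-1.amazonaws.com` stands in for your bucket's regional endpoint.

```python
import socket
import ssl

# Assumed endpoint for illustration; substitute the regional endpoint of your bucket.
DEFAULT_ENDPOINT = "s3.us-east-1.amazonaws.com"


def meets_minimum(openssl_version_info, minimum=(1, 0, 1)):
    """True if an OpenSSL version tuple is at least `minimum` (1.0.1 introduced TLS 1.2)."""
    return tuple(openssl_version_info[:3]) >= tuple(minimum)


def local_tls_report():
    """Describe what this interpreter's ssl module can negotiate, with no network I/O."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        "openssl_ok": meets_minimum(ssl.OPENSSL_VERSION_INFO),
        "has_tls12": ssl.HAS_TLSv1_2,
        "has_tls13": ssl.HAS_TLSv1_3,
    }


def strict_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def negotiated_version(host=DEFAULT_ENDPOINT, port=443, timeout=5.0):
    """Handshake with `host` and return the agreed protocol, e.g. 'TLSv1.2'.

    Raises ssl.SSLError if the two sides share no protocol at TLS 1.2 or above.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    report = local_tls_report()
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["openssl_ok"] and report["has_tls12"]:
        try:
            print("negotiated:", negotiated_version())
        except (OSError, ssl.SSLError) as exc:
            print("handshake failed:", exc)
    else:
        print("this Python/OpenSSL build cannot do TLS 1.2; upgrade before enforcing it")
```

If the handshake reports `TLSv1.2` or `TLSv1.3`, a CLI running on this interpreter will keep working once the bucket stops accepting older protocol versions.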
