夢のの夢

Reputation: 5846

How to add security policy to API Gateway in CDK application?

I am trying to add TLS to my API Gateway in my CDK app. But I am not sure where to add it to my API Gateway instance:

const api = new apiGateway.RestApi(this, "my-api", {..})
..

When I deploy this to AWS, I do see endpoints as

https://someid123.execute-api.us-east-1.amazonaws.com/prod

I am guessing this already has TLS enabled (with https)? If so, how do I view the actual security policy used?

Upvotes: 1

Views: 2719

Answers (2)

Balu Vyamajala

Reputation: 10383

REST API supports TLS 1.2 and TLS 1.0, and when we add a custom domain, we can choose to pass a security policy. We can't choose for the default endpoint provided by AWS.

Pass securityPolicy: apigw.SecurityPolicy.TLS_1_2 to domainName.securityPolicy:

// CDK v2 module paths; with CDK v1 the same modules live under @aws-cdk/aws-*.
import * as apigw from 'aws-cdk-lib/aws-apigateway';
import * as acm from 'aws-cdk-lib/aws-certificatemanager';
import * as route53 from 'aws-cdk-lib/aws-route53';
import * as route53Targets from 'aws-cdk-lib/aws-route53-targets';

// ARN of the ACM certificate for test-api.mydomain.com, issued in the same
// region as the REGIONAL endpoint (placeholder value).
const myCertArn = 'arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID';

const restApi = new apigw.RestApi(this, 'my-rest-api', {
    description: `test`,
    restApiName: `test-api`,
    endpointTypes: [apigw.EndpointType.REGIONAL],
    domainName: {
        // Custom domain only negotiates TLS 1.2; the default execute-api
        // endpoint cannot be configured this way.
        securityPolicy: apigw.SecurityPolicy.TLS_1_2,
        domainName: `test-api.mydomain.com`,
        certificate: acm.Certificate.fromCertificateArn(this, 'my-cert', myCertArn),
        endpointType: apigw.EndpointType.REGIONAL,
    },
    deployOptions: {
        stageName: 'qa'
    },
});

// DNS alias pointing the custom domain at the API's regional domain name.
const hostedZone = route53.HostedZone.fromLookup(this, 'hosted-zone-lookup', {
    domainName: `mydomain.com`,
});
new route53.ARecord(this, 'api-gateway-route53', {
    recordName: `test-api.mydomain.com`,
    zone: hostedZone,
    target: route53.RecordTarget.fromAlias(new route53Targets.ApiGateway(restApi)),
});

Upvotes: 3
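As an added example (not from either answer), here is a check a practitioner can run over the CloudFormation template that `cdk synth` writes to cdk.out: it lists every AWS::ApiGateway::DomainName whose SecurityPolicy is not pinned to TLS_1_2, so a domain left at TLS_1_0 or with the policy unset is caught before deployment. The template below is a constructed sample standing in for a real synth output.

```typescript
// Shapes of the parts of a CloudFormation template this check reads.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources?: Record<string, CfnResource> };

interface Finding { logicalId: string; domainName: string; policy: string }

// REST API custom domains carry SecurityPolicy directly in Properties.
const REST_DOMAIN = "AWS::ApiGateway::DomainName";

// Intrinsic functions (Ref, Fn::Sub, ...) are shown verbatim instead of resolved.
function asString(v: unknown): string {
  return typeof v === "string" ? v : JSON.stringify(v);
}

// Returns every REST custom domain that is not explicitly pinned to TLS_1_2.
// A missing SecurityPolicy is reported as "(unset)": the service default is
// then in charge, and the intent is to have the policy pinned in code.
function findWeakDomains(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    if (res.Type !== REST_DOMAIN) continue;
    const props = res.Properties ?? {};
    const policy = props.SecurityPolicy === undefined ? "(unset)" : asString(props.SecurityPolicy);
    if (policy !== "TLS_1_2") {
      findings.push({ logicalId, domainName: asString(props.DomainName), policy });
    }
  }
  return findings;
}

// Constructed sample standing in for cdk.out/<Stack>.template.json.
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    GoodDomain: { Type: REST_DOMAIN, Properties: {
      DomainName: "test-api.mydomain.com", SecurityPolicy: "TLS_1_2",
      EndpointConfiguration: { Types: ["REGIONAL"] } } },
    LegacyDomain: { Type: REST_DOMAIN, Properties: {
      DomainName: "legacy.mydomain.com", SecurityPolicy: "TLS_1_0" } },
    UnpinnedDomain: { Type: REST_DOMAIN, Properties: {
      DomainName: { Ref: "DomainParam" } } },
    Api: { Type: "AWS::ApiGateway::RestApi", Properties: { Name: "test-api" } },
  },
};

// One line per finding, suitable for failing a CI step when non-empty.
function report(template: CfnTemplate): string[] {
  return findWeakDomains(template).map(f => `${f.logicalId}: ${f.domainName} uses ${f.policy}`);
}

console.log(report(SAMPLE_TEMPLATE).join("\n"));
```

To run it against a real stack, replace SAMPLE_TEMPLATE with the parsed contents of the template file in cdk.out.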

Marcin

Reputation: 238687

When you deploy API Gateway, the URL of the endpoint will have an AWS-provided SSL certificate.

The APIs created with Amazon API Gateway expose HTTPS endpoints only. API Gateway doesn't support unencrypted (HTTP) endpoints.

You have no control over its policies, and there is no AWS API to get its details. But, you can check it in the browser after connecting to the API endpoint, e.g. in Firefox:

[screenshot: certificate details for the API endpoint in Firefox]

If you want to control your own certificates, you need your own domain.

Upvotes: 1
