Miserlou/Zappa

api gateway create_domain_name should include parameter for securityPolicy to allow setting TLS_1_2


Context

boto3.client('apigateway') has a function create_domain_name that supports the argument securityPolicy='TLS_1_0'|'TLS_1_2', which isn't being used today. This would enable users to set TLS 1.2 for their custom domain name in API Gateway. By default, TLS 1.0 is being used.

Expected Behavior

There should be a zappa_settings.json configuration that can be used to set tls_1_2 that would be picked up if certificate_arn is set.

Actual Behavior

API Gateway custom domain is defaulting to TLS 1.0, and users have to manually set TLS 1.2 if they require it.

Possible Fix

zappa_settings.json
Add argument tls_version with options 1.0 or 1.2, the default being 1.0 (as it stands today).

cli.py
dns_name = self.zappa.create_domain_name( should support this argument, passing in either securityPolicy='TLS_1_0' or securityPolicy='TLS_1_2'

core.py
def create_domain_name(self, should support this argument.

See: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway.html#APIGateway.Client.create_domain_name

Steps to Reproduce

  1. Default deployment with certificate_arn set
  2. zappa certify dev

Your Environment

  • Zappa version used: latest
  • Operating System and Python version:
    mac catalina + python 3.7.7
  • The output of pip freeze:
  • Link to your project (optional):
  • Your zappa_settings.json:
"dev": {
    "app_function": "example.flask_app",
    "aws_region": "us-east-1",
    "profile_name": "dev-example",
    "project_name": "example",
    "runtime": "python3.7",
    "s3_bucket": "example",
    "manage_roles": false,
    "role_name": "example-role",
    "lambda_description": "example dev",
    "memory_size": 128, // lambda memory size, default 256MB
    "apigateway_description": "example dev",
    "apigateway_policy": "example.json",
    "iam_authorization": true,
    "tags": {
        "Company": "example",
        "Department": "example",
        "Environment": "Development"
    },
    "keep_warm": true,
    "certificate_arn": "arn:aws:acm:us-east-1:123456789:certificate/555-444-333-222-111",
    "domain": "example.com",
    "events": [{
        "function": "example.task",
        "expressions": ["cron(5 */4 ? * * *)"]
    }],
    "environment_variables": {
        "STAGE": "dev"
    }
}
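
Added example, not part of the original issue and not Zappa's code: a sketch of the mapping proposed under "Possible Fix", plus a check for existing custom domains that still accept TLS 1.0. The tls_version setting and all function names are hypothetical; securityPolicy and get_domain_names are the boto3 apigateway names. It assumes a domain with no securityPolicy in the response is on the TLS 1.0 default described above.

```python
# Hypothetical "tls_version" setting (from the proposal) -> boto3 securityPolicy value.
SECURITY_POLICIES = {"1.0": "TLS_1_0", "1.2": "TLS_1_2"}


def security_policy_for(stage_settings, default="1.0"):
    """Translate the proposed tls_version setting into a securityPolicy string."""
    version = str(stage_settings.get("tls_version", default))  # accepts 1.2 or "1.2"
    if version not in SECURITY_POLICIES:
        raise ValueError(
            "tls_version must be one of %s, got %r" % (sorted(SECURITY_POLICIES), version)
        )
    return SECURITY_POLICIES[version]


def create_domain_name_kwargs(stage_settings):
    """Build keyword arguments for apigateway create_domain_name from a stage."""
    return {
        "domainName": stage_settings["domain"],
        "certificateArn": stage_settings["certificate_arn"],
        "securityPolicy": security_policy_for(stage_settings),
    }


def domains_allowing_tls_1_0(client):
    """List custom domain names whose policy is not TLS_1_2, following pagination.

    `client` is a boto3.client('apigateway') or any object with get_domain_names.
    """
    weak, position = [], None
    while True:
        page = client.get_domain_names(**({"position": position} if position else {}))
        for item in page.get("items", []):
            # Assumption: a missing securityPolicy means the TLS 1.0 default.
            if item.get("securityPolicy", "TLS_1_0") != "TLS_1_2":
                weak.append(item["domainName"])
        position = page.get("position")
        if not position:
            return weak


if __name__ == "__main__":
    # Constructed stage settings; the certificate ARN is a placeholder.
    stage = {
        "domain": "example.com",
        "certificate_arn": "arn:aws:acm:us-east-1:123456789:certificate/PLACEHOLDER",
        "tls_version": 1.2,
    }
    print(create_domain_name_kwargs(stage))
```
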