Open jamerply opened 10 months ago
/terratest
Thanks @jamerply for creating this pull request!
A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.
While you wait, make sure to review our contributor guidelines.
[!TIP]
Need help or want to ask for a PR review to be expedited? Join us on Slack in the #pr-reviews channel.
@Nuru
The problem is, this is a potentially breaking change that will manifest as some old clients failing to connect all of a sudden, a problem which will be difficult to trace back to updating this component.
If users have pinned their modules to a particular version per CloudPosse's own recommendation, wouldn't that prevent the breaking change unless they knowingly updated to the newer version?
@Nuru thoughts on just making this a major revision change? I agree that we should upgrade this for future consumers of this module, otherwise we're encouraging an old and outdated TLS. The other route is to remove the default altogether, but either way we'll want to do a major version rev. Let me know your thoughts and I can work with @jamerply to push this forward.
what
This PR updates the minimum_protocol_version variable so that it defaults to TLSv1.2_2021 (the current recommended security policy recommended by AWS) instead of TLSv1.2_2019.
why
The most current security policy is no longer TLSv1.2_2019 but is TLSv1.2_2021.
references
See the "Security Policy" heading under the "Distribution Setting" section of the AWS CloudFront Documentation for further information.