Open nikpivkin opened 3 months ago
The resource code allows only TLS_1_2 for security_policy and REGIONAL for endpoint_type seemingly for good reason. If I allow these values, applying the configuration ends up failing anyway with the following server-side validation errors:
Error: creating API Gateway v2 Domain Name (tf-acc-test-9084719555279808942.example.com): operation error ApiGatewayV2: CreateDomainName, https response error StatusCode: 400, RequestID: c57f749a-7e7e-4e43-bb77-537ac13d27c7, BadRequestException: TLS_1_0 is not supported for APIGatewayV2 domainName.
Error: creating API Gateway v2 Domain Name (tf-acc-test-4160857730709957401.example.com): operation error ApiGatewayV2: CreateDomainName, https response error StatusCode: 400, RequestID: 9fce6f3b-f32f-48be-a37e-aa2c422c2b76, BadRequestException: EDGE endpoint type is not supported for APIGatewayV2 domainName.
From a usability standpoint, it's better to leave the provider-side validation as-is.
@acwwat Is your API configured as private? Private APIs only support TLS 1.2.
I was validating the changes via acceptance tests, and looking at the test case, the aws_apigatewayv2_domain_name is not associated with any API resources. But it is associated with a public domain (zone) and cert.
I will raise a PR to update the documentation.
Documentation Link
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_domain_name
Description
The documentation says that the valid values for the security policy (security_policy argument) are TLS_1_2. But TLS_1_0 is also valid. See references.
References
Would you like to implement a fix?
No