feat(opensearchservice): TLS security policy for TLS 1.3 and perfect …

…forward secrecy (#28583) This PR supports new TLS security policy 'Policy-Min-TLS-1-2-PFS-2023-10' for TLS 1.3 and perfect forward secrecy. The description from [CLI reference](https://docs.aws.amazon.com/cli/latest/reference/opensearch/update-domain-config.html): > Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites - Release notes - https://aws.amazon.com/jp/about-aws/whats-new/2024/01/amazon-opensearch-service-tls-1-3-perfect-forward-secrecy/ - CloudFormation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jan 8, 2024 · 9cf9baa · 9cf9baa
1 parent 178b845
commit 9cf9baa
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts
@@ -281,7 +281,9 @@ export enum TLSSecurityPolicy {
   /** Cipher suite TLS 1.0 */
   TLS_1_0 = 'Policy-Min-TLS-1-0-2019-07',
   /** Cipher suite TLS 1.2 */
-  TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07'
+  TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07',
+  /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy (PFS) */
+  TLS_1_2_PFS = 'Policy-Min-TLS-1-2-PFS-2023-10',
 }
 
 /**