AWS API Gateway should prevent use of TLS v1

無奈伤痛 2020-12-17 21:41

Referring to AWS CloudFront Documentation, AWS API Gateway supports TLS v1.0, v1.1, v1.2.

But I want to limit the encryption protocols to TLS v1.1 and v1.2 for my Gat

5 Answers
  •  春和景丽
    2020-12-17 21:57

    In order for Gateway API with an additional CloudFront distribution to work, we need to:

    1. From AWS Console, under API Gateway go to Custom Domain Name and delete the mapped entry.
    2. Create a new CloudFront distribution with

    CloudFront settings

    • Origin Domain Name as your Gateway API endpoint https://abcdfefg.execute-api.us-east-1.amazonaws.com
    • Viewer Protocol Policy as HTTPS Only
    • Origin SSL Protocols as TLSv1.2, TLSv1.1 (Uncheck TLSv1)
    • Add a CNAME entry under Alternate Domain Name to refer to custom domain name
    • and a few other defaults

    After the above changes are completed, accessing the custom domain name on HTTPS will enforce the TLS security settings as defined in the CloudFront distribution.
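
An added example, not part of the answer above or of any AWS tooling: a Python audit of a CloudFront distribution config (the JSON shape returned by `aws cloudfront get-distribution-config`) for the settings that answer lists. It goes beyond the list by also checking `ViewerCertificate.MinimumProtocolVersion`, the security policy that sets the minimum TLS version for client-to-CloudFront connections, while Origin SSL Protocols applies to the CloudFront-to-origin connection. The domain `api.example.com`, the origin id `apigw` and the sample config are constructed.

```python
# Added example: audit a CloudFront DistributionConfig for TLS 1.0 exposure.
WEAK_ORIGIN = {"SSLv3", "TLSv1"}
WEAK_VIEWER = {"SSLv3", "TLSv1", "TLSv1_2016"}  # policies that still accept TLS 1.0

def audit_distribution(cfg, custom_domain):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for origin in cfg.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig")
        if custom is None:
            continue  # S3 origins have no OriginSslProtocols setting
        allowed = set(custom.get("OriginSslProtocols", {}).get("Items", []))
        weak = sorted(allowed & WEAK_ORIGIN)
        if weak:
            findings.append(f"origin {origin['Id']}: OriginSslProtocols allows {weak}")
    behaviors = [cfg.get("DefaultCacheBehavior", {})]
    behaviors += cfg.get("CacheBehaviors", {}).get("Items", [])
    for b in behaviors:
        policy = b.get("ViewerProtocolPolicy")
        if policy != "https-only":
            name = b.get("PathPattern", "default")
            findings.append(f"behavior {name}: ViewerProtocolPolicy is {policy}")
    if custom_domain not in cfg.get("Aliases", {}).get("Items", []):
        findings.append(f"{custom_domain} is not an alternate domain name (CNAME)")
    minimum = cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion")
    if minimum is None or minimum in WEAK_VIEWER:
        findings.append(f"ViewerCertificate.MinimumProtocolVersion is {minimum}")
    return findings

def sample_config(origin_protocols, viewer_policy, minimum):
    """Constructed sample input; api.example.com is a placeholder domain."""
    return {
        "Aliases": {"Quantity": 1, "Items": ["api.example.com"]},
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "apigw",
            "DomainName": "abcdfefg.execute-api.us-east-1.amazonaws.com",
            "CustomOriginConfig": {"OriginSslProtocols": {
                "Quantity": len(origin_protocols), "Items": origin_protocols}},
        }]},
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": viewer_policy},
        "ViewerCertificate": {"MinimumProtocolVersion": minimum},
    }

if __name__ == "__main__":
    cfg = sample_config(["TLSv1", "TLSv1.1", "TLSv1.2"], "allow-all", "TLSv1")
    for finding in audit_distribution(cfg, "api.example.com"):
        print(finding)
```

To audit a real distribution, pass the `DistributionConfig` object from the CLI output in place of the constructed sample.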
