feat(opensearchservice): TLS security policy for TLS 1.3 and perfect forward secrecy (#28583)

go-to-k · web-flow · commit 9cf9baad5eca · 2024-01-08T23:08:22.000Z
This PR supports new TLS security policy 'Policy-Min-TLS-1-2-PFS-2023-10' for TLS 1.3 and perfect forward secrecy. The description from [CLI reference](https://docs.aws.amazon.com/cli/latest/reference/opensearch/update-domain-config.html): > Policy-Min-TLS-1-2-PFS-2023-10: TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites - Release notes - https://aws.amazon.com/jp/about-aws/whats-new/2024/01/amazon-opensearch-service-tls-1-3-perfect-forward-secrecy/ - CloudFormation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-domainendpointoptions.html#cfn-opensearchservice-domain-domainendpointoptions-tlssecuritypolicy ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts
@@ -281,7 +281,9 @@ export enum TLSSecurityPolicy {
   /** Cipher suite TLS 1.0 */
   TLS_1_0 = 'Policy-Min-TLS-1-0-2019-07',
   /** Cipher suite TLS 1.2 */
-  TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07'
+  TLS_1_2 = 'Policy-Min-TLS-1-2-2019-07',
+  /** Cipher suite TLS 1.2 to 1.3 with perfect forward secrecy (PFS) */
+  TLS_1_2_PFS = 'Policy-Min-TLS-1-2-PFS-2023-10',
 }
 
 /**
