AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-06-07 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-domainname.md

Summary

Added documentation example for creating domain name with ROUTING_RULE_ONLY routing mode including TLS 1.2 security policy

Security assessment

The change demonstrates security best practices by including TLS_1_2 security policy configuration, but does not address a specific security vulnerability. It primarily documents a new routing mode feature.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-domainname.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-domainname.md
index f808347ba..6789c251e 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-domainname.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-domainname.md
@@ -216,0 +217,2 @@ The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint.
+  * Create Domain Name with routing mode ROUTING_RULE_ONLY
+
@@ -539,0 +542,38 @@ The following example defines the distribution and regional domain names, as wel
+### Create Domain Name with routing mode ROUTING_RULE_ONLY
+
+The following example creates a domain name with a routing mode of `ROUTING_RULE_ONLY`.
+
+#### JSON
+    
+    
+    {
+      "MyDomainName": {
+        "Type": "AWS::ApiGateway::DomainName",
+        "Properties": {
+          "DomainName": "api.mydomain.com",
+          "EndpointConfiguration": {
+            "Types": [
+              "REGIONAL"
+            ]
+          },
+          "SecurityPolicy": "TLS_1_2",
+          "RegionalCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+          "RoutingMode": "ROUTING_RULE_ONLY"
+        }
+      }
+    }
+
+#### YAML
+    
+    
+    MyDomainName:
+        Type: AWS::ApiGateway::DomainName
+        Properties:
+          DomainName: api.mydomain.com
+          EndpointConfiguration:
+            Types:
+              - REGIONAL
+          SecurityPolicy: TLS_1_2
+          RegionalCertificateArn: arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3
+          RoutingMode: ROUTING_RULE_ONLY
+