CCM-14114: set TLS version on Rest API to be 1.2, to match domain name

Author: stevebux

infrastructure/terraform/components/api/api_gateway_rest_api_tls.tf

@@ -0,0 +1,15 @@
+# Terraform does not yet support setting the securityPolicy on aws_api_gateway_rest_api
+# directly. This terraform_data resource works around that by calling the AWS CLI
+# to enforce TLS 1.2 on the REST API after it is created or replaced.
+resource "terraform_data" "rest_api_tls_policy" {
+  triggers_replace = [aws_api_gateway_rest_api.main.id]
+
+  provisioner "local-exec" {
+    command = <<-EOT
+      aws apigateway update-rest-api \
+        --region ${var.region} \
+        --rest-api-id ${aws_api_gateway_rest_api.main.id} \
+        --patch-operations op=replace,path=/securityPolicy,value=TLS_1_2
+    EOT
+  }
+}