Amazon API Gateway now supports additional TLS security policies for REST APIs

Modern Workspace Pro 20 November 2025No CommentsAmazon Web Services

Amazon API Gateway now supports enhanced TLS security policies on API endpoints and custom domain names, providing you with greater control over the security posture of your APIs. These new policies help you meet evolving security requirements, comply with stricter regulations, and enhance encryption for your API connections.

When configuring REST APIs and custom domain names, you can now select from an extended list of security policies, including options that require TLS 1.3 only, implement Perfect Forward Secrecy, comply with Federal Information Processing Standard (FIPS), or leverage Post Quantum Cryptography. These policies help meet evolving security requirements and stricter regulations while simplifying API security management. The enhanced policies also support endpoint access control for additional governance.

API Gateway enhanced TLS security policies are available in the following AWS commercial Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Canada West (Calgary), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Spain), Europe (Stockholm), Europe (Zurich), Israel (Tel Aviv), Middle East (UAE), South America (São Paulo).

For more information, visit the Amazon API Gateway documentation.

Categories: marketing:marchitecture/networking-and-content-delivery,general:products/amazon-api-gateway