Enforce a minimum version of TLS - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Enforce a minimum version of TLS

When using the Amazon Command Line Interface (Amazon CLI), the Transport Layer Security (TLS) protocol plays a crucial role in securing communication between the Amazon CLI and Amazon Web Services. To add increased security when communicating with Amazon services, you should use TLS 1.2 or later.

Amazon CLI version 2 uses an internal Python script that's compiled to use a minimum of TLS 1.2 when the service it's talking to supports it. As long as you use version 2 of the Amazon CLI, no further steps are needed to enforce this minimum. To ensure you're getting increased security, be sure to update to a recent version of the Amazon CLI.

The Amazon CLI and Amazon Web Service can exchange data securely, with the TLS protocol providing encryption, authentication, and data integrity. By leveraging the TLS protocol, the Amazon CLI ensures that your interactions with Amazon Web Services are protected from unauthorized access and data breaches, enhancing the overall security of your Amazon ecosystem.

The Amazon shared responsibility model applies to data protection in Amazon Command Line Interface. As described in this model, Amazon is responsible for protecting the global infrastructure that runs all of the Amazon Web Services. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the Amazon Web Services that you use. For more information about data protection, see Data protection in the Amazon CLI.