Can exceptions be made for TLS requirements when using AWS-managed URLs?
Answer
Yes, exceptions for TLS requirements can be made when using AWS-managed URLs, but you must submit a detailed action plan. This plan should explain the use of endpoints you do not control and demonstrate compliance with security standards wherever possible.
Recommended Answer Update
Yes, exceptions for TLS requirements can be made when using AWS-managed URLs, but you must submit a detailed action plan. This plan should explain the use of endpoints you don't control and demonstrate compliance with security standards wherever possible.
Reasoning
The original answer was clear and well-structured, but contained one minor grammatical issue that created slight confusion. The phrase "you do not control" was corrected to "you don't control" to align with the conversational tone guidelines and improve readability. This small change makes the answer flow more naturally while preserving all the original content and meaning.
Regarding the selected security rules:
1. **ApexInsecureEndpoint** - This rule directly relates to the FAQ's discussion of TLS requirements and endpoints. The FAQ specifically addresses "TLS requirements when using AWS-managed URLs" and mentions "endpoints you do not control," which aligns with this rule's focus on detecting insecure HTTP endpoints in Apex code.
2. **AvoidInsecureHttpRemoteSiteSetting** - This rule is highly relevant as it deals with preventing insecure HTTP connections in Remote Site Settings. The FAQ discusses TLS requirements and AWS-managed URLs, which would typically involve remote site configurations that this rule helps secure.
3. **AvoidDisableProtocolSecurityRemoteSiteSetting** - This rule complements the previous one by focusing on protocol security settings. The FAQ's emphasis on "compliance with security standards" and TLS requirements directly relates to maintaining proper protocol security configurations that this rule enforces.
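The two Remote Site Setting conditions named above can be checked in your own metadata before submission. The following is an added example, not part of the original FAQ and not the rules' own implementation. The sample documents, hostnames, the `check_remote_site` function, and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by Salesforce Metadata API files such as *.remoteSite-meta.xml.
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample: plain-HTTP URL with protocol security disabled.
WEAK = """<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>true</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>http://files.example.com</url>
</RemoteSiteSetting>"""

# Constructed sample: HTTPS URL on an AWS-managed hostname, protocol security on.
HARDENED = """<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>false</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>https://constructed-bucket.s3.amazonaws.com</url>
</RemoteSiteSetting>"""


def check_remote_site(xml_text):
    """Return finding labels (hypothetical names) for one RemoteSiteSetting document."""
    root = ET.fromstring(xml_text)
    url = root.findtext("sf:url", default="", namespaces=NS).strip()
    # A missing element is treated as "false", i.e. protocol security left enabled.
    flag = root.findtext("sf:disableProtocolSecurity", default="false", namespaces=NS)

    findings = []
    # Condition behind AvoidInsecureHttpRemoteSiteSetting: the URL is plain HTTP.
    if url.lower().startswith("http://"):
        findings.append("insecure-http-url")
    # Condition behind AvoidDisableProtocolSecurityRemoteSiteSetting: the flag is true.
    if flag.strip().lower() == "true":
        findings.append("protocol-security-disabled")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_remote_site(doc) or "no findings")
```

A finding on an endpoint you don't control is the kind of item the action plan described in the answer would need to explain.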