Can we use Two Way SSL feature using AWS API Gateway ? We want to use API Gateway as proxy for kinesis in our real-time streaming application.
Below is my requirement
The client make request to apigateway and apigateway needs to put the data in kinesis streams.
The only way to authenticate the clients is using two way SSL. our clients doesnt support other options.
Currently on-premise F5 loadbalancer does this work for us and we have tomcats running behind F5 placing data into kinesis.
Will i be able to achieve the same using API Gateway ? looks like even aws ELB seems to be not supporting this option.
I have taken a look at below link but this to authenticate API Gateway at server not apigateway authenticating the client.
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
Regards Kalyan
In Amazon API Gateway, you can proxy requests to backend HTTP/HTTPS resources running in your Amazon VPC by setting up Private Integrations using VPC Links.
If you mean specifically AWS API Gateway, TLS termination will always happen at the gateway, since it only provides a TLS endpoint. It works as an proxy that only handles incoming HTTPS connections. You don't have the option to pass the incoming HTTPS call directly across the proxy.
You can now configure custom domains for your APIs on Amazon API Gateway using SSL/TLS certificates provisioned and managed by AWS Certificate Manager (ACM).
SSL terminationSecure Socket Layer (SSL) connections can be terminated at the load balancer or API Gateway level. These options are described as follows: SSL connection is terminated at load balancer: The SSL certificate and associated private key are deployed on the load balancer, and not on the API Gateway.
API Gateway can authenticate itself to your back-end with TLS, as you have found, but it does not work in the opposite direction -- it does not support authenticating clients with TLS.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With