Every time I search for mutual auth over SSL for AWS API Gateway, I only find mTLS between AWS API Gateway and backend services. But I'm looking to protect my AWS API Gateway endpoints with mTLS (client identity).
For example, I have a backend QueryCustomer, which I proxied through the AWS API Gateway. Now I can install an SSL cert on the API Gateway, but this is regular 1-way SSL. What I want to achieve is mTLS with client authentication, where the consumer of the AWS API Gateway API first needs to exchange their public certificates, which we configure in AWS truststores, and the public AWS certificates will be published on the consumer end of the API as well.
Now during the handshake, as with other API gateways and application servers, there should be a property that says something like: this endpoint of the AWS API Gateway requires client auth, so only a user whose public API certificate is in the API Gateway's truststore can be authenticated to access the endpoint; otherwise it just gives the usual SSL verification error.
Can anyone advise if this can be implemented on the AWS API Gateway?
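As an added example (not from the question or from AWS's own samples) of the arrangement the question describes, here is a Terraform configuration for the REST API flavour of API Gateway. It assumes a REST API named query-customer, a custom domain api.example.com, a regional ACM certificate ARN and an already-deployed stage passed in as variables, and a local truststore.pem holding the consumers' public certificates (or their issuing CA):

```hcl
variable "acm_certificate_arn" { type = string }   # regional ACM cert for api.example.com (server side)
variable "stage_name"          { type = string }   # existing deployed stage, e.g. "prod"

# Truststore: consumers' public certificates (or their issuing CA), PEM-concatenated into one file.
resource "aws_s3_bucket" "truststore" {
  bucket = "example-apigw-truststore"              # placeholder bucket name
}

resource "aws_s3_bucket_versioning" "truststore" {
  bucket = aws_s3_bucket.truststore.id
  versioning_configuration { status = "Enabled" }  # lets you pin a truststore version below
}

resource "aws_s3_object" "truststore" {
  bucket  = aws_s3_bucket.truststore.id
  key     = "truststore.pem"
  content = file("${path.module}/truststore.pem")
}

resource "aws_api_gateway_rest_api" "api" {
  name                         = "query-customer"
  # The default https://<id>.execute-api.<region>.amazonaws.com URL does not enforce the
  # truststore; leaving it enabled would let callers bypass client-certificate auth.
  disable_execute_api_endpoint = true
  endpoint_configuration { types = ["REGIONAL"] }
}

resource "aws_api_gateway_domain_name" "api" {
  domain_name              = "api.example.com"
  regional_certificate_arn = var.acm_certificate_arn   # 1-way TLS: proves the server's identity
  security_policy          = "TLS_1_2"
  endpoint_configuration { types = ["REGIONAL"] }

  # 2-way TLS: the handshake fails unless the client presents a certificate
  # that is (or chains to) one of the certificates in the truststore.
  mutual_tls_authentication {
    truststore_uri     = "s3://${aws_s3_bucket.truststore.id}/${aws_s3_object.truststore.key}"
    truststore_version = aws_s3_object.truststore.version_id
  }
}

resource "aws_api_gateway_base_path_mapping" "api" {
  api_id      = aws_api_gateway_rest_api.api.id
  stage_name  = var.stage_name
  domain_name = aws_api_gateway_domain_name.api.domain_name
}
```

The truststore is enforced only on the custom domain, so disabling the default execute-api endpoint is what makes the client-certificate requirement mandatory rather than optional.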