MTLS Cloudfront/ApiGateway AWS

Didn't find any material on how to implement Cloudfront + MTLS or Api Gateway + MTLS. Is it possible? If not, is there any alternative to achieve MTLS with CloudFront + ApiGateway?



Solution 1:[1]

The mTLS support for API Gateway was released yesterday. Here is a detailed blog post on how to set it up:

https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

Solution 2:[2]

In order to use mTLS you can't use CloudFront. This is because CF does the TLS Termination and doesn't support pass-through to APIGW or other downstream services.

If you wish to use mTLS, you should point your R53 domain name directly to API GW, disable the default endpoint, and add WAF to the API instead.

Solution 3:[3]

mTLS is not supported for Edge-optimized APIs. You can use it with Regional APIs only.
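
The checks implied by Solutions 2 and 3, as an added example that is not part of any answer above: a small audit over API Gateway REST API settings. It assumes input dicts shaped like the boto3 `apigateway` responses from `get_domain_name`, `get_rest_api` and `get_stage`; the function name and all sample values are constructed.

```python
# Added example: audit an API Gateway REST API for the mTLS setup described above.
# Inputs mirror boto3 apigateway get_domain_name / get_rest_api / get_stage
# responses. All sample values below are constructed, not real resources.

def audit_mtls(domain, rest_api, stage):
    """Return a list of findings; an empty list means the setup matches the answers."""
    findings = []
    # Solution 3: mTLS works on Regional custom domains, not Edge-optimized ones.
    types = domain.get("endpointConfiguration", {}).get("types", [])
    if types != ["REGIONAL"]:
        findings.append(f"custom domain endpoint type is {types}, expected ['REGIONAL']")
    # mTLS is switched on by attaching a truststore (an S3 URI) to the custom domain.
    mtls = domain.get("mutualTlsAuthentication") or {}
    if not mtls.get("truststoreUri", "").startswith("s3://"):
        findings.append("no truststoreUri on the custom domain, so mTLS is not enabled")
    if mtls.get("truststoreWarnings"):
        findings.append("truststore reports warnings, review its CA certificates")
    # Solution 2: the default execute-api endpoint does not ask for a client
    # certificate, so leaving it enabled lets callers skip mTLS entirely.
    if not rest_api.get("disableExecuteApiEndpoint", False):
        findings.append("default execute-api endpoint is enabled and bypasses mTLS")
    # Solution 2: without CloudFront in front, WAF attaches to the API stage.
    if not stage.get("webAclArn"):
        findings.append("no WAF web ACL associated with the stage")
    return findings

# Constructed sample: configuration that follows the answers.
GOOD = {
    "domain": {"domainName": "api.example.com",
               "endpointConfiguration": {"types": ["REGIONAL"]},
               "mutualTlsAuthentication": {"truststoreUri": "s3://example-bucket/truststore.pem"}},
    "rest_api": {"id": "abc123", "disableExecuteApiEndpoint": True},
    "stage": {"stageName": "prod",
              "webAclArn": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/0000"},
}
# Constructed sample: Edge-optimized domain, no truststore, default endpoint open, no WAF.
BAD = {
    "domain": {"domainName": "api.example.com",
               "endpointConfiguration": {"types": ["EDGE"]}},
    "rest_api": {"id": "abc123", "disableExecuteApiEndpoint": False},
    "stage": {"stageName": "prod"},
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_mtls(**cfg) or "ok")
```
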

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 am29d
Solution 2 Enrico Bergamo
Solution 3 Ranbir Singh