Is Mutual auth with aws api gateway possible?

Question

I have an application installed in tomcat which currently I am running on http. Also I have used AWS API gateway to expose my application . I want to implement mutual auth between aws api gateway and my api which we have created . Is there any document which I can refer. Also is it possible to implement mutual authentication with AWS API gateway and my api.

score 3 · Answer 1 · answered Jan 29 '16 at 20:26

3

This is definitely possible by installing an SSL certificate in Tomcat and using the Client Certificate feature of API Gateway. See http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

answered Jan 29 '16 at 20:26

RyanG

3,973
25
19

1

Thanks , but I am looking for a way where my server already have a certificate from different CA and Amazon API Gateway has different CA,So I am not sure whether server and client with different CA will work if AWS doesnt have my trusted CA in it – Grin like a Cheshire cat Feb 02 '16 at 07:48

score 0 · Answer 2 · answered Dec 21 '20 at 18:54

0

The API Gateway server must use a certificate the AWS ACM issues. The Gateway itself uses another AWS-generated certificate to authenticate with your backend.

answered Dec 21 '20 at 18:54

Steve Sonnenberg

1

Is Mutual auth with aws api gateway possible?

2 Answers2