3

How can I restrict an AWS Application Load Balancer to only receive HTTP/HTTPS requests which originated from AWS API Gateway?

I'm aware that API Gateway can generate and send a client-side certificate to the backend, as described here: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

But I can't find any way to set the ALB to verify the client certificate. Are there other alternatives for ensuring that the ALB will only handle and pass requests which went through AWS API GW?

Uria W
  • I think ALB does not support client certificate validation. If you are not stuck with ALB, one option is to use an NLB in the backend. Then you can either 1. do your own TLS termination and cert validation or have a private VPC + VPCLink to allow only requests from API Gateway coming to the NLB – Vishal Oct 18 '18 at 00:32
  • The ALB can have listener rules, which can be path or host based. Can this help? https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#listener-rules – advncd Oct 30 '18 at 23:35
  • @uria-w I'm also interested in this issue. Please update here if you find a solution. – advncd Oct 31 '18 at 17:26

0 Answers