We have a microservice architecture and are trying to deploy it on AWS while leveraging its API Gateway.

Our API Gateway is using a public TLS certificate for client requests, but we wonder how we should be encrypting the communication from the API Gateway to the Load Balancer and then to the services. The API Gateway can also issue "Client Certificates" but it's not clear how we should utilize that.

We are hoping not to have a private CA on AWS as it is quite costly and we don't have any burning use for it.

Amir

1 Answer

I think the traffic between API Gateway and internal AWS services is always going through HTTPS. This is based on the comments from BobK@AWS:

HTTPS is used for traffic between CloudFront and API Gateway. Communication from API Gateway to other services, such as Lambda, is also over HTTPS.

The only time API Gateway would not use SSL is if you configured an HTTP integration and chose not to enable HTTPS on that integration.

Marcin
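The case named in the answer, an HTTP integration left without HTTPS, can be checked mechanically. The following is an added example, not part of the original answer: it audits integration objects shaped like the output of `aws apigateway get-integration` for a REST API, and the routes, hostnames, account ID and function name in the sample are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample: integration objects shaped like the output of
# `aws apigateway get-integration` (REST API), keyed by "METHOD path".
SAMPLE_INTEGRATIONS = json.loads("""
{
  "GET /orders":  {"type": "HTTP_PROXY", "connectionType": "VPC_LINK",
                   "uri": "http://orders.internal.example/orders"},
  "POST /orders": {"type": "HTTP_PROXY", "connectionType": "VPC_LINK",
                   "uri": "https://orders.internal.example/orders"},
  "GET /reports": {"type": "HTTP", "connectionType": "INTERNET",
                   "uri": "https://reports.example.com/v1",
                   "tlsConfig": {"insecureSkipVerification": true}},
  "GET /users":   {"type": "AWS_PROXY",
                   "uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:111122223333:function:users/invocations"},
  "GET /health":  {"type": "MOCK"}
}
""")


def audit_integration(integration):
    """Return the list of transport findings for one integration object."""
    findings = []
    # Only HTTP and HTTP_PROXY integrations carry a backend URL whose scheme
    # the API owner chooses; per the answer, the others are reached over HTTPS.
    if integration.get("type") not in ("HTTP", "HTTP_PROXY"):
        return findings
    scheme = urlparse(integration.get("uri", "")).scheme.lower()
    if scheme != "https":
        findings.append("plaintext-backend")
    # tlsConfig.insecureSkipVerification disables backend certificate checks.
    if integration.get("tlsConfig", {}).get("insecureSkipVerification"):
        findings.append("backend-cert-not-verified")
    return findings


def audit(integrations):
    """Map each route with at least one finding to its findings."""
    report = {}
    for route, integration in integrations.items():
        findings = audit_integration(integration)
        if findings:
            report[route] = findings
    return report


if __name__ == "__main__":
    for route, findings in audit(SAMPLE_INTEGRATIONS).items():
        print(f"{route}: {', '.join(findings)}")
```
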