I'm wondering whether AWS API Gateway can be used with mTLS, since it has WebSocket support.
However, the documentation here clearly says I cannot associate a WebSocket API with a domain that has mTLS enabled.
Can somebody help me understand:
- Why is mTLS not supported with AWS API Gateway WebSocket APIs?
- Other than the obvious issue of provisioning each client with its own certificate, are there other issues with using mTLS over WebSockets?
My current working setup is:
- All clients are IoT devices and are provisioned with client certificates
- The server runs in an AWS EKS cluster
- The server is configured for mTLS (server certificate issued by ACM; the server is configured with the CA certificate used to validate the client certificates)
- The server uses the NGINX Ingress controller in EKS for the mTLS setup
- Route53 and an NLB are configured for all of this to work
- The server app uses WebSockets for back-and-forth communication with the clients
This setup works. However, scaling the clients in this model has a direct dependency on the single EKS cluster and its region.
I'm trying to understand why AWS EKS would support mTLS + WebSockets while API Gateway won't (it individually supports mTLS and WebSockets, just not together!).
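For readers trying to reproduce the working EKS side of this setup, here is an added example of an ingress-nginx manifest that does client-certificate verification and passes a long-lived WebSocket through to the backend. It is not the poster's own manifest; the namespace `iot`, the secrets `iot-client-ca` and `server-tls`, the host `ws.example.com` and the backend service `ws-server` on port 8080 are assumed names.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ws-server
  namespace: iot                      # assumed namespace
  annotations:
    # Require a client certificate and verify it against the CA bundle stored
    # under the key "ca.crt" in the secret iot/iot-client-ca (assumed name).
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-secret: "iot/iot-client-ca"
    # Depth 1 = device cert signed directly by the CA; raise it if you use an intermediate.
    nginx.ingress.kubernetes.io/auth-tls-verify-depth: "1"
    # Forward the verified certificate to the app (arrives as the ssl-client-cert header)
    # so the server can map a connection to a device identity instead of trusting a payload.
    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
    # WebSocket connections are long-lived; the default 60s proxy timeouts would drop idle
    # sockets, so raise them (seconds) to match how long a device may stay quiet.
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - ws.example.com              # assumed hostname, pointed at the NLB via Route53
      secretName: server-tls          # assumed: server cert + key as a kubernetes.io/tls secret
  rules:
    - host: ws.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ws-server       # assumed backend service speaking WebSocket
                port:
                  number: 8080
```

The CA secret is created with `kubectl create secret generic iot-client-ca --from-file=ca.crt=ca.pem -n iot`; the key name `ca.crt` is what ingress-nginx looks for. Two things that matter for this to actually enforce mTLS: the NLB in front must be a plain TCP listener on 443 forwarding to the ingress controller, so the TLS handshake (and therefore the client certificate) terminates at NGINX rather than at the load balancer, and the backend should read the device identity from the forwarded `ssl-client-cert` header only when it is reachable exclusively through the ingress, otherwise a client that can hit the service directly could forge that header.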