Is Mutual auth with aws api gateway possible?

6
votes

I have an application installed in tomcat which currently I am running on http. Also I have used AWS API gateway to expose my application . I want to implement mutual auth between aws api gateway and my api which we have created . Is there any document which I can refer. Also is it possible to implement mutual authentication with AWS API gateway and my api.

2
apiamazon-web-servicestomcat7aws-api-gatewaymutual-authentication

2 Answers

3
votes

This is definitely possible by installing an SSL certificate in Tomcat and using the Client Certificate feature of API Gateway. See http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

0
votes

The API Gateway server must use a certificate the AWS ACM issues. The Gateway itself uses another AWS-generated certificate to authenticate with your backend.