two way SSL using AWS API Gateway

6
votes

Can we use Two Way SSL feature using AWS API Gateway ? We want to use API Gateway as proxy for kinesis in our real-time streaming application.

Below is my requirement

The client make request to apigateway and apigateway needs to put the data in kinesis streams.

The only way to authenticate the clients is using two way SSL. our clients doesnt support other options.

Currently on-premise F5 loadbalancer does this work for us and we have tomcats running behind F5 placing data into kinesis.

Will i be able to achieve the same using API Gateway ? looks like even aws ELB seems to be not supporting this option.

I have taken a look at below link but this to authenticate API Gateway at server not apigateway authenticating the client.

https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html

Regards Kalyan

1
aws-api-gatewayapi-gateway

1 Answers

6
votes

API Gateway can authenticate itself to your back-end with TLS, as you have found, but it does not work in the opposite direction -- it does not support authenticating clients with TLS.