shashank kapoor

Reputation: 21

Authenticate on an EB environment by using client-side SSL authentication for Amazon API Gateway

I am working with AWS-API-Gateway and an Elastic Beanstalk environment. What I want to make sure in the Elastic Beanstalk environment is that the request is served only for AWS-API-Gateway.

So Amazon suggested client-side SSL certificate authentication. The problem I'm facing is that even if I configure Amazon API Gateway to provide a certificate on an HTTPS connection, it will give the certificate to the load balancer, and the load balancer will give its certificate to my EC2 instance.

So in this scenario, I never receive the SSL certificate of API gateway. Please help me here or provide me with a better solution.

I don't want to remove my load-balancer in the scenario as it is helpful for me.

Upvotes: 2

Views: 887

Answers (1)

jackko

Reputation: 7344

As far as I know, the key with using ELB is to turn the ELB to TCP mode (not HTTP) so the SSL handshake is actually done on the EC2 instances. That way you can verify on the hosts and treat the ELB as just a simple TCP load balancer.

Some helpful info here: Support for two-way TLS/HTTPS with ELB

Upvotes: 1
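The setup the answer describes, sketched as an Elastic Beanstalk `.ebextensions` config file; this is an added example, not part of the original answer. It assumes a Classic Load Balancer environment with nginx on the instances, and the file paths, the certificate file names and the application port 8080 are placeholders.

```yaml
# .ebextensions/https-passthrough-mtls.config (file name is an assumption)

option_settings:
  # The load balancer forwards raw TCP on 443, so it never terminates TLS
  # and the handshake with API Gateway happens on the instance.
  aws:elb:listener:443:
    ListenerProtocol: TCP
    InstancePort: 443
    InstanceProtocol: TCP

Resources:
  # Let the load balancer reach port 443 on the instances.
  443inboundfromloadbalancer:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: {"Fn::GetAtt": ["AWSEBSecurityGroup", "GroupId"]}
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupName: {"Fn::GetAtt": ["AWSEBLoadBalancer", "SourceSecurityGroup.GroupName"]}

files:
  # nginx terminates TLS and rejects any client that does not present the
  # certificate generated in API Gateway (exported as PEM and deployed to
  # the placeholder path below).
  /etc/nginx/conf.d/apigw_mtls.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      server {
        listen 443 ssl;

        # Server certificate and key for this host (placeholder paths).
        ssl_certificate        /etc/pki/tls/certs/server.crt;
        ssl_certificate_key    /etc/pki/tls/certs/server.key;

        # Trust only the API Gateway client certificate.
        ssl_client_certificate /etc/pki/tls/certs/apigw-client.pem;
        ssl_verify_client      on;

        location / {
          # Hypothetical local application port.
          proxy_pass http://127.0.0.1:8080;
          # Pass the verification result on for application logging.
          proxy_set_header X-Client-Verify $ssl_client_verify;
        }
      }
```

With `ssl_verify_client on`, nginx refuses requests that arrive without a certificate chaining to `apigw-client.pem`, so any load balancer health check that goes through this listener has to be a plain TCP check rather than an HTTPS request.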
