Usman Mutawakil

Reputation: 5259

Certificate Pinning on AWS Lambda

Can handler functions in AWS Lambda, invoked by API Gateway, reach down into the connection layer of the request at all to access what certificate was used to establish the SSL/TLS connection on the client side? I'd like to implement a certificate pinning strategy for the API I'm building, as I've found a dozen ways in which SSL without pinning can be bypassed and the data in my API is not social media posts.

Any Alternatives if not possible?

If Lambda functions don't have access to the connection layer, is there a comparable way of further enforcing security and not simply saying "SSL is enough"?

Last Resort

If Lambda doesn't give me access to the certificate info of the client connections I'll have to resort to asymmetric encryption.

Upvotes: 0

Views: 2646

Answers (1)

Bram

Reputation: 4532

An AWS Lambda function doesn't have a direct connection with an HTTP request; it can be invoked by a lot of things, e.g. an SNS subscription or a simple SDK invocation. Or, and that's I guess what you're aiming at, you can invoke a Lambda function via the AWS API Gateway.

So if you want any HTTP or TLS details in your Lambda function, you need to make sure that the API Gateway is somehow injecting that data into the payload that's going to the Lambda function. I'm not sure if that's possible; a deep dive into some API Gateway documentation will probably help you further.

Upvotes: 1
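
The answer's point, that the function only sees what API Gateway puts into the payload, as an added example (not part of the question or the answer). It assumes a REST API with Lambda proxy integration and mutual TLS enabled on a custom domain, in which case the event carries the client certificate at `requestContext.identity.clientCert.clientCertPem`; the pin set, `sample_event` helper and sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import ssl

# Constructed stand-in bytes, NOT a real certificate; they only exercise the code path.
SAMPLE_DER = b"constructed-sample-der-bytes-not-a-real-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

# Hypothetical allowlist: SHA-256 fingerprints (hex) of the DER-encoded client certs.
PINNED_SHA256 = {hashlib.sha256(SAMPLE_DER).hexdigest()}


def client_cert_fingerprint(event):
    """Return the SHA-256 hex fingerprint of the client cert in the event, or None."""
    ctx = event.get("requestContext") or {}
    cert = (ctx.get("identity") or {}).get("clientCert") or {}
    pem = cert.get("clientCertPem")
    if not isinstance(pem, str):
        return None  # no mutual TLS data was injected into the payload
    try:
        der = ssl.PEM_cert_to_DER_cert(pem.strip())
    except ValueError:
        return None  # malformed PEM or base64
    return hashlib.sha256(der).hexdigest()


def is_pinned(fingerprint, pins=PINNED_SHA256):
    """Fail closed: a missing fingerprint never matches."""
    if fingerprint is None:
        return False
    return any(hmac.compare_digest(fingerprint, pin) for pin in pins)


def handler(event, context=None):
    fingerprint = client_cert_fingerprint(event)
    if not is_pinned(fingerprint):
        return {"statusCode": 403, "body": json.dumps({"error": "certificate not pinned"})}
    return {"statusCode": 200, "body": json.dumps({"fingerprint": fingerprint})}


def sample_event(pem):
    """Constructed event carrying only the fields this example reads."""
    return {"requestContext": {"identity": {"clientCert": {"clientCertPem": pem}}}}
```

This checks the certificate the client presented to API Gateway. A client's own check of the server certificate (pinning in the usual sense) happens in the client application and is not visible to the function.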
