Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Does API Gateway forward the client certificate?

0

Using custom domain name with API Gateway and enabled Mutual TLS, does API Gateway forward the authenticated client certificate to the back-end (Lambda)?

As with other reverse proxies like NGINX, Apache & CloudFlare there is option to forward the encoded client certificate in the headers (after validating it)

Temas
Sin servidorCálculoWeb y móvil front-endRedes y entrega de contenidoInternet de las cosas (IoT)
Etiquetas
AWS LambdaAmazon API GatewaySeguridad de capa de transporte (TLS)
Idioma
English
Mask
preguntada hace 6 meses364 visualizaciones
2 Respuestas
0
Respuesta aceptada

You will need to use request mapping templates to build the payload that is sent to the backend integration. You will include in there the relevant context variables. You can find the full list here.

profile pictureAWS
EXPERTO
Uri
respondido hace 6 meses
profile picture
EXPERTO
Gary Mclean
revisado hace un mes
0

For Lambda I figured that the certificate is available inside the event APIGatewayProxyEvent under requestContext.identity.clientCert which had the encoded certificate under clientCertPem along with other parameters like serialNumber, issuerDN, validity & subjectDN

Although now I'm want to know how this is handled if API Gateway is pointing toward different back-end? Will it be included in the headers?

Mask
respondido hace 6 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante