En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Does API Gateway forward the client certificate?

0

Using custom domain name with API Gateway and enabled Mutual TLS, does API Gateway forward the authenticated client certificate to the back-end (Lambda)?

As with other reverse proxies like NGINX, Apache & CloudFlare there is option to forward the encoded client certificate in the headers (after validating it)

Sujets
Sans serveurCalculWeb et mobile front-endRéseaux et diffusion de contenuInternet des objets (IoT)
Balises
AWS LambdaPasserelle API AmazonSécurité de la couche de transport (TLS)
Langue
English
Mask
demandé il y a 6 mois362 vues
2 réponses
0
Réponse acceptée

You will need to use request mapping templates to build the payload that is sent to the backend integration. You will include in there the relevant context variables. You can find the full list here.

profile pictureAWS
EXPERT
Uri
répondu il y a 6 mois
profile picture
EXPERT
Gary Mclean
vérifié il y a un mois
0

For Lambda I figured that the certificate is available inside the event APIGatewayProxyEvent under requestContext.identity.clientCert which had the encoded certificate under clientCertPem along with other parameters like serialNumber, issuerDN, validity & subjectDN

Although now I'm want to know how this is handled if API Gateway is pointing toward different back-end? Will it be included in the headers?

Mask
répondu il y a 6 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents