Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Does API Gateway forward the client certificate?

0

Using custom domain name with API Gateway and enabled Mutual TLS, does API Gateway forward the authenticated client certificate to the back-end (Lambda)?

As with other reverse proxies like NGINX, Apache & CloudFlare there is option to forward the encoded client certificate in the headers (after validating it)

Argomenti
ServerlessComputazionaliFront-end web e dispositivi mobiliNetworking e distribuzione di contenutiInternet delle cose (IoT)
Tag
AWS LambdaGateway API di AmazonTransport Layer Security (TLS)
Lingua
English
Mask
posta 6 mesi fa364 visualizzazioni
2 Risposte
0
Risposta accettata

You will need to use request mapping templates to build the payload that is sent to the backend integration. You will include in there the relevant context variables. You can find the full list here.

profile pictureAWS
ESPERTO
Uri
con risposta 6 mesi fa
profile picture
ESPERTO
Gary Mclean
verificato un mese fa
0

For Lambda I figured that the certificate is available inside the event APIGatewayProxyEvent under requestContext.identity.clientCert which had the encoded certificate under clientCertPem along with other parameters like serialNumber, issuerDN, validity & subjectDN

Although now I'm want to know how this is handled if API Gateway is pointing toward different back-end? Will it be included in the headers?

Mask
con risposta 6 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente