By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Does API Gateway forward the client certificate?

0

Using custom domain name with API Gateway and enabled Mutual TLS, does API Gateway forward the authenticated client certificate to the back-end (Lambda)?

As with other reverse proxies like NGINX, Apache & CloudFlare there is option to forward the encoded client certificate in the headers (after validating it)

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content DeliveryInternet of Things (IoT)
Tags
AWS LambdaAmazon API GatewayTransport Layer Security (TLS)
Language
English
Mask
asked 6 months ago333 views
2 Answers
0
Accepted Answer

You will need to use request mapping templates to build the payload that is sent to the backend integration. You will include in there the relevant context variables. You can find the full list here.

profile pictureAWS
EXPERT
Uri
answered 6 months ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago
0

For Lambda I figured that the certificate is available inside the event APIGatewayProxyEvent under requestContext.identity.clientCert which had the encoded certificate under clientCertPem along with other parameters like serialNumber, issuerDN, validity & subjectDN

Although now I'm want to know how this is handled if API Gateway is pointing toward different back-end? Will it be included in the headers?

Mask
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content