mTLS is configured on the Custom Domain level so you can decide that only some paths will require it and others will not. What you can do is create two APIs with two different domains, e.g., mtls.api.com and tls.api.com. The first will map to the API for all routes that require mTLS. The second will map to an API that does not require it.
Unfortunately this solution needs to work with a legacy system where ALL resource paths need to be off of the same domain ... having two separate domains (one with and one without mTLS) is not an option. Your comment suggests what I was already thinking ... that it is not going to be possible to do what I need to do with the API Gateway mTLS support.
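The two-domain layout from the answer above, written out as an added CloudFormation example (not part of the original thread). The domain names are the ones the answer uses; the parameters and the `<truststore-bucket>` value are placeholders assumed for illustration.

```yaml
# Added example. Parameter values and <angle-bracket> placeholders are assumptions.
Parameters:
  MtlsApiId: {Type: String}       # REST API holding the routes that require client certificates
  OpenApiId: {Type: String}       # REST API holding the routes that do not
  StageName: {Type: String, Default: prod}
  CertificateArn: {Type: String}  # ACM certificate covering both domain names

Resources:
  # Domain that enforces mutual TLS: the client certificate is validated
  # against the truststore before any request reaches the mapped API.
  MtlsDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: mtls.api.com
      RegionalCertificateArn: !Ref CertificateArn
      EndpointConfiguration: {Types: [REGIONAL]}
      SecurityPolicy: TLS_1_2
      MutualTlsAuthentication:
        TruststoreUri: s3://<truststore-bucket>/truststore.pem
  MtlsMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref MtlsDomain
      RestApiId: !Ref MtlsApiId
      Stage: !Ref StageName

  # Domain with server-side TLS only: no MutualTlsAuthentication block.
  TlsDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      DomainName: tls.api.com
      RegionalCertificateArn: !Ref CertificateArn
      EndpointConfiguration: {Types: [REGIONAL]}
      SecurityPolicy: TLS_1_2
  TlsMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref TlsDomain
      RestApiId: !Ref OpenApiId
      Stage: !Ref StageName
```

The API behind `mtls.api.com` also needs its default `execute-api` endpoint turned off (`DisableExecuteApiEndpoint: true` on the `AWS::ApiGateway::RestApi`), otherwise the same routes stay reachable without a client certificate.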
Hello,
I recently came across a blog post within the Compute Blog, which addresses mutual Transport Layer Security (TLS) and how a customer's self-managed Kafka clusters can have a trust relationship established between AWS Lambda using a private certificate authority (CA), even using an Amazon Managed Streaming Kafka (MSK) certificate by default as the certificates are signed by Amazon Trust Services CAs.
Also, without knowing many more of the customer requirements and/or dependencies of the applications, proxy configuration(s) involved, or that may need to be involved yet,
You can activate any combination of authentication modes (mutual TLS, SASL SCRAM, or IAM access control) on new or existing clusters. This is useful if you are migrating to a new authentication mode or must run multiple authentication modes simultaneously. Lambda natively supports consuming messages from both self-managed Kafka and Amazon MSK through event source mapping.
Also, I just saw this related topic within another re:Post, if the solution necessitates API Gateway.
I hope this helps.
Gabriel
Hello TAW, Did you find any feasible solution to this scenario?