- 최신
- 최다 투표
- 가장 많은 댓글
AFAIK mTLS is not supported on ALB since it always terminates the TLS connection. You can use a NLB instead to redirect the L4 traffic to a server which can deal with mTLS such as NGINX.
Hope it helps.
Not sure if I understand your question correctly but You can use API gateway to configure client-side SSL authentication for sending requests to the integration endpoint (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-clientcertificate.html ) . For your own public domain You can configure certificate validation by DNS or Email validation. Validation is done by the server the same way the client validates the server's certificate through a signed certificate .Certificates managed in ACM use RSA keys with a 2048-bit modulus and SHA-256.
Thank you for your answer. We have added clarifications to the question because we do not think you are answering the question.
It technically solves the problem, but it leaves the responsibility to the application to manage the certificates itself and it remains moderately acceptable from a "security in depth" point of view. Thanks to the author of the answer.