Amplify and MTLS - How?

0

Hello, I've gone through these AWS docs regarding securing API gateways using MTLS, which have you create your own CA, cert, key, etc., sign it and then create the PEM that is used alongside the truststore for MTLS - https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

That all works great... between my development laptop and my API gateway... Now I'm trying to get Amplify involved in the scenario.

I've read elsewhere in the AWS docs, on a deep hunt one night, that Amplify is a service MTLS can be used with. The end goal is to protect a critical API that absolutely cannot withstand abuse. MTLS seems like a good way to do this.

How exactly do I go about replicating the development machine steps that worked to lock down the gateway with Amplify instead of just my local machine?

Is the path through using this PEM/key I created with my Amplify site's code (this is self-signed, isn't it?), or do I need to gather the Amplify site's truststore/key and use that? Not really clear on how to proceed. Thanks!

  • Bump........
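The CA / client cert / truststore steps the question refers to, as an added shell example (not code from the question, the linked blog post, or AWS). It builds a private CA, issues one client certificate, assembles the truststore PEM that API Gateway's mTLS setting consumes, and checks a presented certificate the way the gateway will; the directory layout, CN values and `example.invalid` name are assumptions.

```shell
#!/bin/sh
# Added example: private CA -> signed client cert -> truststore bundle.
# File names, subjects and 'example.invalid' are assumed, not from the page.
set -eu

# Writes ca.key, ca.crt, client.key, client.crt and truststore.pem into $1.
make_mtls_material() {
  dir="$1"
  mkdir -p "$dir"
  # Private CA. Its certificate is what the truststore will contain;
  # its key never leaves the issuing machine.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example Private CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Client identity for whatever will call the API (e.g. the Amplify app's
  # backend). The key stays with the client; only the CSR goes to the CA.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=client-1.example.invalid" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  # Sign the CSR with the CA; a short lifetime keeps revocation simple.
  openssl x509 -req -days 90 -in "$dir/client.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/client.crt" 2>/dev/null
  # Truststore = PEM bundle of the CA cert(s) the gateway should trust.
  # Only CA certs belong here: no private keys, no leaf certs.
  cat "$dir/ca.crt" > "$dir/truststore.pem"
}

# Chain a presented client cert to the truststore. 0 = trusted, 1 = rejected.
verify_client_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Guard against the common mistake of bundling a key into the truststore.
truststore_is_clean() {
  ! grep -q "PRIVATE KEY" "$1"
}
```

The resulting `truststore.pem` is what gets uploaded to S3 and referenced as the truststore URI on the API's custom domain; `client.crt` plus `client.key` is the identity the caller presents, and a cert issued by any other CA (including a self-signed one) is rejected by `verify_client_cert` just as the gateway would reject it.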

1 Answer
0

Considering your use case is to protect a critical API that absolutely cannot withstand abuse, you may want to take a look at integrating AWS WAF with Amplify. Sample code can be found here: https://github.com/aws-samples/aws-cdk-amplify-with-waf.

However, you can override the API resources that are created by Amplify, so you should be able to configure it with mTLS, but I'm not 100% certain. Amplify uses AWS CDK to create resources: https://docs.amplify.aws/cli/restapi/override/.

Hope this helps.

aaron_l
answered a year ago
