Does anyone know if it is possible to have a Websocket Api Gateway support mTLS authentication? According to the documentation it is not supported (https://aws.amazon.com/blogs/compute/evaluating-access-control-methods-to-secure-amazon-api-gateway-apis/). Does anyone know if there is a feature request for this or there is a workaround? We've debated using a lambda authorizer on the $connect route on the websocket API to authenticate client certificates manually, but it seems like an artificial implementation for mTLS since we're performing the client authentication after the TLS handshake. Not sure if this is our best option or if there is something better. Thanks.
1 Answer
0
No. You can't configure mTLS for WebSockets API. If you try via the console you will get the following error message: "Mutual TLS is enabled for this domain name. You can't associate WebSocket APIs with it."

Uri
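The Lambda authorizer workaround raised in the question, sketched as an added example (not code from the posts above or from AWS). Because the TLS handshake never proves the client holds the private key, the authorizer has to check that itself, so this version requires a signature over a fresh timestamp in addition to the CA check. Assumptions: the hypothetical headers `x-client-cert` (URL-encoded PEM), `x-client-ts` and `x-client-sig`, ECDSA keys for both the CA and the client, and the third-party `cryptography` package.

```python
import base64, time
from datetime import datetime, timezone
from urllib.parse import unquote
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

MAX_SKEW = 60  # assumed: seconds a signed timestamp stays acceptable

def _policy(effect, arn, principal="unauthenticated"):
    stmt = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": arn}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [stmt]}}

def _utc(cert, field):
    # cryptography >= 42 exposes *_utc; older releases return naive UTC datetimes.
    return (getattr(cert, field + "_utc", None)
            or getattr(cert, field).replace(tzinfo=timezone.utc))

def authorize(event, ca_pem, now=None):
    """Allow $connect only for a CA-issued cert whose private key signed a fresh timestamp."""
    now = time.time() if now is None else now
    arn = event["methodArn"]
    try:
        # Header names below are hypothetical, chosen for this example.
        h = {k.lower(): v for k, v in event["headers"].items()}
        cert = x509.load_pem_x509_certificate(unquote(h["x-client-cert"]).encode())
        ca = x509.load_pem_x509_certificate(ca_pem)
        ts = int(h["x-client-ts"])
        sig = base64.b64decode(h["x-client-sig"], validate=True)
        # 1. Issued by our CA: issuer name matches and the CA key signed the TBS bytes.
        if cert.issuer != ca.subject:
            raise ValueError("unknown issuer")
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               ec.ECDSA(cert.signature_hash_algorithm))
        # 2. Certificate is inside its validity period.
        t = datetime.fromtimestamp(now, timezone.utc)
        if not _utc(cert, "not_valid_before") <= t <= _utc(cert, "not_valid_after"):
            raise ValueError("certificate not valid now")
        # 3. Timestamp is fresh, which bounds (but does not eliminate) replay.
        if abs(now - ts) > MAX_SKEW:
            raise ValueError("stale timestamp")
        # 4. Proof of possession: the handshake did not do this, so check a
        #    signature by the certificate's key over timestamp + API hostname.
        msg = f"{ts}\n{event['requestContext']['domainName']}".encode()
        cert.public_key().verify(sig, msg, ec.ECDSA(hashes.SHA256()))
    except Exception:  # fail closed on any parse or verification error
        return _policy("Deny", arn)
    return _policy("Allow", arn, cert.subject.rfc4514_string())
```

A Lambda handler would call `authorize(event, CA_PEM)` with the CA certificate bundled in the deployment. The sketch does not check revocation, key usage or intermediate CAs, and a captured header set can be replayed until the timestamp window closes.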