amazon web services – Performing mTLS for a Go HTTP API running in AWS Lambda – Stack Overflow

admin

Currently have a Go HTTP API using the github.com/gin-gonic/gin library set up to perform mTLS, like so:

router := gin.New()
router.GET("/ping", handlers.GinHandler{GC: globalConf, H: handler.Ping}.Handle())

// I'm checking errors but just for simplicity it's ommitted
caCert, _ := ioutil.ReadFile("ca.crt")
caCertPool, _ := x509.SystemCertPool()
caCertPool.AppendCertsFromPEM(caCert)

tlsConfig := &tls.Config{
    ClientCAs:  caCertPool,
    ClientAuth: tls.RequireAndVerifyClientCert,
}

server := &http.Server{
    Addr:      ":" + "8443",
    TLSConfig: tlsConfig,
    Handler:   router,
}

server.ListenAndServeTLS("ssl.crt", "ssl.key")

It seems I need to use something like github.com/apex/gateway for compatibility with AWS Lambda, but there’s only a ListenAndServe function, rather than a ListenAndServeTLS like with the net/http package.

Is it possible to perform mTLS like this, inside an AWS Lambda function?

Or does this need to be rewritten to perform the mTLS inside an API Gateway instead? If so, is it possible to forward the certificate to the Go app/Lambda function for checking the CN?

Read more here: Source link