amazon web services – Performing mTLS for a Go HTTP API running in AWS Lambda – Stack Overflow
Currently have a Go HTTP API using the github.com/gin-gonic/gin library set up to perform mTLS, like so:
router := gin.New()
router.GET("/ping", handlers.GinHandler{GC: globalConf, H: handler.Ping}.Handle())

// I'm checking errors but just for simplicity it's omitted
caCert, _ := ioutil.ReadFile("ca.crt")
caCertPool, _ := x509.SystemCertPool()
caCertPool.AppendCertsFromPEM(caCert)

tlsConfig := &tls.Config{
	ClientCAs:  caCertPool,
	ClientAuth: tls.RequireAndVerifyClientCert,
}
server := &http.Server{
	Addr:      ":" + "8443",
	TLSConfig: tlsConfig,
	Handler:   router,
}
server.ListenAndServeTLS("ssl.crt", "ssl.key")
It seems I need to use something like github.com/apex/gateway for compatibility with AWS Lambda, but there’s only a ListenAndServe function, rather than a ListenAndServeTLS like with the net/http package.
Is it possible to perform mTLS like this, inside an AWS Lambda function?
Or does this need to be rewritten to perform the mTLS inside an API Gateway instead? If so, is it possible to forward the certificate to the Go app/Lambda function for checking the CN?
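For the second option in the question (the gateway terminates mTLS and the Lambda checks the CN), the following is an added example, not code from the post or from apex/gateway: a Go function that takes the forwarded client certificate as PEM, re-verifies it against the same CA pool the gin server trusted, and only then compares the CN against an allowlist. It assumes the gateway hands the certificate to the handler as a PEM string (the exact event field is not on the page and is left out here); the CA and leaf certificates are constructed fixtures built inside the block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// verifyForwardedClientCert re-validates a PEM client cert the gateway passed to the
// Lambda (how it reaches the handler is an assumption here) against the CA pool the
// gin server used, so a forged or stale value cannot impersonate a client, then
// returns the CN only if it is on the allowlist.
func verifyForwardedClientCert(pemBytes []byte, caPool *x509.CertPool, allowedCNs map[string]bool) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE block in forwarded client cert")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	// Chain-verify with the client-auth EKU, as tls.RequireAndVerifyClientCert would.
	opts := x509.VerifyOptions{Roots: caPool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("client cert not issued by a trusted CA: %w", err)
	}
	if cn := cert.Subject.CommonName; !allowedCNs[cn] {
		return "", fmt.Errorf("CN %q is not allowlisted", cn)
	}
	return cert.Subject.CommonName, nil
}

// newCert is a constructed fixture, not production PKI: a nil parent yields a self-signed CA, otherwise a client-auth leaf signed by parent.
func newCert(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil { // self-signed: the cert is its own issuer
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Building the pool from the same ca.crt the gin server loaded keeps the trust decision identical on both paths, and a CN that verifies but is not allowlisted is rejected before any handler logic runs.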