
Consuming private Amazon API Gateway APIs using mutual TLS

Compute Blog



This article discusses how to consume private Amazon API Gateway APIs securely using mutual TLS (mTLS) authentication. mTLS provides two-way authentication between a client and server using X.509 certificates.

Specifically, the article covers:

  • Application Load Balancer (ALB) mTLS configuration options: Passthrough mode and Verify with trust store mode
  • Setting up mTLS for private API Gateway APIs using an ALB with the "Verify with trust store" mode
  • Architecture patterns for same-account and cross-account private API access with mTLS
  • Using AWS Private Certificate Authority and certificate revocation lists for enhanced security
  • Conclusion: Simplifying mTLS deployment for private APIs by leveraging ALB's native support




Related articles

  • Nov 21, 2025: Enhancing API security with Amazon API Gateway TLS security policies
  • Nov 20, 2025: Amazon API Gateway now supports additional TLS security policies for REST APIs
  • Feb 29, 2024: Private Integration Between Salesforce and Amazon API Gateway
  • Nov 21, 2025: Amazon API Gateway REST APIs now supports private integration with Application Load Balancer
