1 min read

(AWS) mTLS finally available on Application Load Balancer

Until 26 of November 2023, the main way to have a managed mTLS solution on AWS was through API Gateway service. ... but a new feature is out there.. ALB is now supporting mTLS too!
(AWS) mTLS finally available on Application Load Balancer
Mutual authentication (mTLS) is commonly used for business-to-business (B2B) applications such as online banking, automobile, or gaming devices to authenticate devices using digital certificates. Companies typically use it with a private certificate authority (CA) to authenticate their clients before granting access to data and services.

How to use mTLS on AWS ALB

You can do exactly the same stuff using aws cli

mTLS is not available on Application Load Balancer controller for EKS yet.
The feature should be available during January 2024.
Subscribe to the feature request to remain up to date --> https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3499

Web console

  1. Create a trustore
  1. Use it on AWS ALB

Official reference

Mutual authentication for Application Load Balancer reliably verifies certificate-based client identities | Amazon Web Services
Today, we are announcing support for mutually authenticating clients that present X509 certificates to Application Load Balancer. With this new feature, you can now offload client authentication to the load balancer, ensuring only trusted clients communicate with their backend applications. This new…
Tweets by YBacciarini