1 min read crispytechtips

(AWS) mTLS finally available on Application Load Balancer

Until 26 of November 2023, the main way to have a managed mTLS solution on AWS was through API Gateway service. ... but a new feature is out there.. ALB is now supporting mTLS too!
(AWS) mTLS finally available on Application Load Balancer
Mutual authentication (mTLS) is commonly used for business-to-business (B2B) applications such as online banking, automobile, or gaming devices to authenticate devices using digital certificates. Companies typically use it with a private certificate authority (CA) to authenticate their clients before granting access to data and services.

How to use mTLS on AWS ALB

You can do exactly the same stuff using aws cli

⚠️
mTLS is not available on Application Load Balancer controller for EKS yet.
The feature should be available during January 2024.
Subscribe to the feature request to remain up to date --> https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/3499

Web console

  1. Create a trustore
  1. Use it on AWS ALB


Official reference

Mutual authentication for Application Load Balancer reliably verifies certificate-based client identities | Amazon Web Services
Today, we are announcing support for mutually authenticating clients that present X509 certificates to Application Load Balancer. With this new feature, you can now offload client authentication to the load balancer, ensuring only trusted clients communicate with their backend applications. This new…
Amazon Web ServicesChanny Yun

Published by:

Yuri Bacciarini

You might also like...

Mar
01
[k8s] kubernetes events logger

[k8s] kubernetes events logger

Cluster administrators usually need to collect Kubernetes events to allow a better troubleshooting. By default Kubernetes does not stream these logs on regular STDOUT, "k8s-event-logger" tools comes exactly for this reason!
1 min read
Feb
28
[k8s] optimize workloads with pod resource recommendations

[k8s] optimize workloads with pod resource recommendations

Most Kubernetes pods could be better configured in terms of resources. Unfortunately, is not so easy out-of-the-box. Robusta KRR (Kubernetes Resource Recommender) comes to help us with it.
1 min read
Feb
20
[docker] optimise distributed builds with remote docker cache

[docker] optimise distributed builds with remote docker cache

Optimize distributed builds with remote docker cache
2 min read
Feb
10
[k8s] resource and cost optimisation with kube-green

[k8s] resource and cost optimisation with kube-green

Gone are the days when we had our applications always up&running. Cloud providers gave us a lot of elasticity, but without a mind change all this magic world will soon become a hell.
1 min read
Feb
10
[GCP] Google Kubernetes Engine autopilot

[GCP] Google Kubernetes Engine autopilot

GKE autopilot is the Kubernetes solution by Google for who wants to run pods and nothing else while having in the meantime a Kubernetes feeling!
2 min read
Tweets by YBacciarini