AWS API Gateway Client Certificate
This page shows how to write Terraform and CloudFormation for API Gateway Client Certificate and write them securely.
aws_api_gateway_client_certificate (Terraform)
The Client Certificate in API Gateway can be configured in Terraform with the resource name aws_api_gateway_client_certificate. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_api_gateway_client_certificate" "aws_apigateway_client_certificates_cert" {
  description = "My client certificate"
}

resource "aws_api_gateway_client_certificate" "this" {
  description = var.description
  tags        = var.tags
}
Parameters
- arn: optional computed - string
- created_date: optional computed - string
- description: optional - string
- expiration_date: optional computed - string
- id: optional computed - string
- pem_encoded_certificate: optional computed - string
- tags: optional - map from string to string
Explanation in Terraform Registry
Provides an API Gateway Client Certificate.
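As an added example (not taken from the Terraform Registry or the GitHub projects quoted above): the certificate only takes effect once a stage references it and the integration endpoint is configured to require and verify it. The resource labels, the stage name, the tag and the two input variables are assumptions; client_certificate_id is the aws_api_gateway_stage argument that attaches the certificate.

```hcl
# Added example. Resource labels, the "prod" stage name, the tag and both
# variables are assumptions for illustration.
variable "rest_api_id" {
  type        = string
  description = "ID of an existing REST API (assumed to exist)"
}

variable "deployment_id" {
  type        = string
  description = "ID of an existing deployment of that API (assumed to exist)"
}

# API Gateway generates the key pair; only the public certificate is exposed.
resource "aws_api_gateway_client_certificate" "backend_auth" {
  description = "Client certificate presented to the integration endpoint"

  tags = {
    Purpose = "backend-client-auth"
  }
}

# Creating the certificate alone changes nothing: the stage must reference it
# before API Gateway presents it on calls to the integration endpoint.
resource "aws_api_gateway_stage" "prod" {
  rest_api_id           = var.rest_api_id
  deployment_id         = var.deployment_id
  stage_name            = "prod"
  client_certificate_id = aws_api_gateway_client_certificate.backend_auth.id
}

# Public certificate in PEM form. Install it in the backend's trust store so
# the backend can reject TLS clients that do not present this certificate.
output "client_certificate_pem" {
  value = aws_api_gateway_client_certificate.backend_auth.pem_encoded_certificate
}

# The certificate expires. Export the date so rotation can be scheduled
# before backend calls start failing.
output "client_certificate_expiration" {
  value = aws_api_gateway_client_certificate.backend_auth.expiration_date
}
```

If the backend does not enforce client-certificate verification, attaching the certificate to the stage adds no protection.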
Tips: Best Practices for The Other AWS API Gateway Resources
In addition to aws_api_gateway_method_settings, AWS API Gateway has other resources that should be configured for security reasons. The following are examples of those resources and the precautions to take.
aws_api_gateway_method_settings
Ensure that API Gateway stage-level cache is encrypted
It is better to enable stage-level cache encryption, which reduces the risk of data leakage.
aws_api_gateway_domain_name
Ensure that modern TLS protocols are used
It is better to adopt TLS v1.2+.
aws_api_gateway_stage
Ensure that access logging is enabled for your API Gateway stage (v1)
It is better to enable access logging for your API Gateway stage (v1).
aws_api_gateway_method
Ensure that your API Gateway method blocks unwanted access
It is better that the API Gateway method does not allow public access.
AWS::ApiGateway::ClientCertificate (CloudFormation)
The ClientCertificate in ApiGateway can be configured in CloudFormation with the resource name AWS::ApiGateway::ClientCertificate. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- Description: optional - String
- Tags: optional - List of Tag
Explanation in CloudFormation Registry
The AWS::ApiGateway::ClientCertificate resource creates a client certificate that API Gateway uses to configure client-side SSL authentication for sending requests to the integration endpoint.
Frequently asked questions
What is AWS API Gateway Client Certificate?
AWS API Gateway Client Certificate is a resource for API Gateway of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS API Gateway Client Certificate?
For Terraform, the cloudquery/cq-provider-aws and niveklabs/aws source code examples are useful. See the Terraform Example section for further details.