
  • API Gateway SSL question erratum

  • gch99

    Member
    November 17, 2022 at 3:37 am

    Q: A data security company is experimenting with various security features that they can implement on their Elastic Load Balancers such as Server Order Preference, Predefined Security Policy, Perfect Forward Secrecy, and many others. The company is planning to use the Perfect Forward Secrecy feature to provide additional safeguards to their architecture against the eavesdropping of encrypted data through the use of a unique random session key. This feature also prevents the decoding of captured data, even if the secret long-term key is compromised.

    Which AWS services can offer SSL/TLS cipher suites for Perfect Forward Secrecy?

    A (indicated as incorrect): Amazon API Gateway and AWS Lambda

    Amazon API Gateway and AWS Lambda are incorrect since these services do not use Perfect Forward Secrecy. SSL/TLS is commonly used when you have sensitive data traveling through the public network.

    ————-

    API Gateway (including Lambda integrations) does support SSL including perfect forward secrecy; therefore, this answer is also correct.

    “The APIs created with Amazon API Gateway expose HTTPS endpoints only. API Gateway doesn’t support unencrypted (HTTP) endpoints. For greater security, you can choose a minimum Transport Layer Security (TLS) protocol version to be enforced for your API Gateway custom domain. You can choose either a TLS version 1.2 or TLS version 1.0 security policy.”

    Source: https://docs.aws.amazon.com/apigateway/latest/developerguide/data-protection-encryption.html

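As an added example (not part of the post above, and not AWS code), a small Python check that classifies cipher suite names by whether they use ephemeral (EC)DHE key exchange, which is what Perfect Forward Secrecy requires, so a practitioner can verify what an API Gateway or ELB endpoint actually negotiates rather than rely on the answer key. The sample suite names are constructed; the optional live check uses only the standard-library ssl module against a hostname you supply.

```python
import socket
import ssl

# Key-exchange tokens that mean an ephemeral Diffie-Hellman key was agreed for
# this session (EDH/EECDH are older OpenSSL spellings of DHE/ECDHE). Static RSA,
# DH or ECDH key exchange is deliberately excluded: with those, a leaked
# long-term server key decrypts previously captured traffic, which is the
# exposure Perfect Forward Secrecy removes.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH", "EECDH"}


def is_forward_secret(suite: str) -> bool:
    """True if the suite name (IANA or OpenSSL style) implies ephemeral key exchange."""
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" not in name:
        # TLS 1.3 names (TLS_AES_256_GCM_SHA384, ...) carry no key-exchange part
        # because TLS 1.3 always uses (EC)DHE, so they are forward secret.
        return True
    if name.startswith("TLS_"):
        # IANA style: TLS_<kx>_<auth>_WITH_<cipher>_<mac>
        kx = name[4:].split("_WITH_")[0].split("_")[0]
    else:
        # OpenSSL style: <kx>-<auth>-<cipher>-<mac>; plain RSA kx omits the prefix
        kx = name.split("-")[0]
    return kx in EPHEMERAL_KX


def non_forward_secret(suites) -> list:
    """Subset of the given suite names that would NOT give forward secrecy."""
    return [s for s in suites if not is_forward_secret(s)]


def negotiated_cipher(host: str, port: int = 443, timeout: float = 5.0):
    """Do a real handshake and return the (suite, protocol) the server selected."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            suite, protocol, _bits = tls.cipher()
            return suite, protocol


if __name__ == "__main__":
    # Constructed sample of suites a load balancer policy might advertise.
    sample = ["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"]
    print("suites without PFS:", non_forward_secret(sample))
    # For a live endpoint: suite, proto = negotiated_cipher("api.example.com")
```

With Server Order Preference enabled, the suite returned by the live check is the server's choice, so a non-ephemeral result points at the security policy rather than at the client.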