AWS APi Gatway client side certificate with AWS Certificate manager for Elastic Beanstalk ELB

Question

I have front-end hosted on a server which calls the Back-end server ie an Elastic Load Balancer(ELB), and using Elastic Beanstalk for deployments hence it takes care of autoscaling.

Ember/Front-end -> ELB -> Autoscaled EC2 instances with Nginx servers

Now I want to add API Gateway in between and ensure that ELB takes requests from API Gateway only. I found that-> here <- But, I am using AWS Certificate manager to push my SSL certififcates, not sure how to use the PEM file/cert provided by API Gateway.

1. Is it possible to push the API Gateway provided Client Side Cert file through Certificate manager(console/cli/anywhere) along with the SSL certs that I bought ?

2. Is it possible to terminate SSL at ELB and use the API Gateway key.

3. To my horror, do I need to manually configure the certs on nginx config in the .ebextensions file ? if yes, the is there a better way to not push the file son the code repo and use them separately ?

Answer 1

The best way to do this is:-

If you are using Elastic Beanstalk in a VPC and are not of a view to rebuild the configuration. Then create an Elastic Load Balancer, attach it to a Target group, which targets an Autoscaling group's instances(make sure to attach the Target group in the Autoscaling group configuration as well, so that it keeps connected even when the instances are up/downscaled).

Or build a new conf. using the Network Load Balancer. Make sure that the Network load balancer is of scheme private ie not exposed to public/internet.

Next step is to create a VPC Link in API Gateway(you see an option in the API Gateway Console left menu-bar).

More information: https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-private-integration.html