AWS has announced that Application Load Balancer now supports mutual authentication of clients that present X.509 certificates.
The feature is built on AWS’s open-source Transport Layer Security (TLS) implementation, S2N; it provides strong encryption and protects developers against zero-day vulnerabilities.
B2B applications in sectors such as online banking, automotive, and gambling rely on mutual authentication (mTLS) with digital certificates. Businesses commonly combine it with a private certificate authority (CA) to authenticate consumer identities before providing information and services.
Because mutual authentication on Application Load Balancer is a fully managed, scalable, and affordable solution, you can redirect your developer resources to other important projects.
When you select HTTPS in the Listeners and routing section, additional settings are shown, including the security policy, the default server certificate, and a new client certificate handling option that enables mutual authentication.
There are two methods for mutual authentication. With the Passthrough option, the full client certificate chain sent by the client is forwarded to your backend application in HTTP headers.
With the Verify with Trust Store option, the Application Load Balancer and the client authenticate each other and establish a TLS connection that encrypts the communication.