How to store certificate as a secret in AWS secret manager? How to pass that secret in https call using AWS appSync resolver?

Submitted by 梦想与她 on 2020-07-22 21:38:28

Question


I need to get elements from AWS DynamoDB and a third-party https service, merge those results in AWS AppSync, and send back the result as a GraphQL response.

Third party service which I am using, expects client side certificate. I am not finding proper AWS documents on how to pass agent using AWS appSync resolver.

I am also not finding documents to store certificate as secret in AWS secret manager.

Has anyone faced a similar problem? Or do you guys have any solution to it?


Answer 1:


It depends on the size of your certificate. Secrets for AWS Secrets Manager have various limits, such as length in bytes (7168 bytes) or characters (4096); see more here:

https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html

But otherwise you should be able to store your certificate using AWS Secrets Manager.

See item number 3 in the following link: https://aws.amazon.com/blogs/compute/maintaining-transport-layer-security-all-the-way-to-your-container-part-2-using-aws-certificate-manager-private-certificate-authority/

Using HTTP Resolvers (or even Lambda Resolvers) you will be able to make http calls to AWS Secrets Manager to obtain the secret.

See links: https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-lambda-resolvers.html https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-http-resolvers.html




Answer 2:


Adding to Ashwin's answer: according to the documentation, the HTTP resolver supports only public endpoints at this point and does not seem to have the ability to pass a certificate for an app-to-app call.
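
The Lambda-resolver route from the answers above, as an added example that is not part of either answer: the client certificate and key are stored as one JSON secret, fetched inside the Lambda, and presented on the outbound HTTPS call. The JSON key names, the environment variables `CLIENT_CERT_SECRET_ID` and `PARTNER_URL`, and the function names are assumptions; the size limit is passed in by the caller and should be taken from the limits page linked in Answer 1.

```python
import json
import os
import ssl
import tempfile
import urllib.request

def pack_identity(cert_pem: str, key_pem: str, max_bytes: int) -> str:
    """Bundle PEM cert and key into one SecretString, enforcing the size limit."""
    secret = json.dumps({"certificate": cert_pem, "private_key": key_pem})  # assumed key names
    size = len(secret.encode("utf-8"))
    if size > max_bytes:
        raise ValueError(f"secret is {size} bytes, limit is {max_bytes}")
    return secret

def unpack_identity(secret_string: str) -> tuple[str, str]:
    """Return (cert_pem, key_pem); reject a secret that is not PEM material."""
    data = json.loads(secret_string)
    cert, key = data["certificate"], data["private_key"]
    if "-----BEGIN CERTIFICATE-----" not in cert or "PRIVATE KEY-----" not in key:
        raise ValueError("secret does not contain a PEM certificate and key")
    return cert, key

def mtls_context(cert_pem: str, key_pem: str) -> ssl.SSLContext:
    """TLS context that still verifies the server and presents the client cert."""
    ctx = ssl.create_default_context()  # server certificate verification stays on
    fd, path = tempfile.mkstemp()       # created with mode 0600; /tmp in Lambda
    try:
        with os.fdopen(fd, "w") as f:
            f.write(key_pem + "\n" + cert_pem)  # combined file: key, then cert
        ctx.load_cert_chain(path)
    finally:
        os.remove(path)                 # key does not linger on disk
    return ctx

def handler(event, context, sm_client=None):
    """AppSync Lambda resolver: fetch the identity, call the third-party API."""
    if sm_client is None:
        import boto3                    # provided by the Lambda Python runtime
        sm_client = boto3.client("secretsmanager")
    secret = sm_client.get_secret_value(SecretId=os.environ["CLIENT_CERT_SECRET_ID"])
    ctx = mtls_context(*unpack_identity(secret["SecretString"]))
    with urllib.request.urlopen(os.environ["PARTNER_URL"], context=ctx, timeout=5) as r:
        return json.loads(r.read())     # merged with DynamoDB data by the caller
```

The Lambda's execution role needs `secretsmanager:GetSecretValue` on that one secret only, and `pack_identity` produces the string to pass as `SecretString` when creating it.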



Source: https://stackoverflow.com/questions/55596821/how-to-store-certificate-as-a-secret-in-aws-secret-manager-how-to-pass-that-se
