Encrypted API calls #548
Comments
|
The communication between you and AWS should be encrypted transparently using https. This is set in Line 91 in e70532e scheme with default argument "https", but it is only called from one place which never changes the default away from https.
Then The API key is not used to encrypt traffic though, just to authenticate yourself when making API requests. |
|
Got it, thanks. And for https, is it possible to make TLS mutually authenticated, or does that involve lower-level setup with AWS and the local machine? |
|
TLS will authenticate AWS to you — that the server you’re talking to is actually AWS, but not the reverse. AWS API authentication with access key ID and secret access key or however you do it, authenticate you to AWS — that you are actually you.
With https, it uses public key encryption, where AWS’s public key is the public TLS certificate, and your public and private key are automatically generated by your client. In AWS API authentication, your AWS client and the AWS server sign your request with your key (or session token or whatever) and if the signature you sent matches their calculated signature, you’re authenticated. There’s probably more to it than that but that’s the extent of my knowledge.
… On Oct 23, 2022, at 9:51 AM, Will Landau ***@***.***> wrote:
Got it, thanks.
And for https, is it possible to make TLS mutually authenticated, or does that involve lower-level setup with AWS and the local machine?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
|
|
Thanks for explaining, David. Sounds like the network security is automatic in both directions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In
paws, what would it take to encrypt API calls so the information in the request is protected in transit? For my situation, the payload will contain a public IP address that connects back to the local machine (either the actual public IP or a temporary one-time IP in a Docker container). I am not sure if the API requests I have performed have actually performed public-key cryptography on the packets before sending them over the network. (IsAWS_SECRET_ACCESS_KEYactually a private key? Is the encryption as good as TLS?)The text was updated successfully, but these errors were encountered: