[{"data":1,"prerenderedAt":66},["ShallowReactive",2],{"pattern-apigw-cognito-cert-bound-access-token":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":10,"deploy":12,"description":15,"extension":16,"framework":17,"gitHub":18,"highlight":6,"introBox":24,"language":30,"level":31,"meta":32,"patternArch":33,"resources":53,"s3URL":6,"services":6,"stem":61,"testing":62,"videoId":6,"__hash__":65},"patterns\u002Fpatterns\u002Fapigw-cognito-cert-bound-access-token.json","Certificate-Bound Access Tokens using Amazon API Gateway and Amazon Cognito",null,{"text":8},[9],"Delete the stack: \u003Ccode>sam delete\u003C\u002Fcode>.",[11],"content\u002Fcontributors\u002Fkevin-draai.json",{"text":13},[14],"sam deploy","Implement certificate-bound access tokens for a custom domain with API Gateway and Cognito user pools","json","AWS SAM",{"template":19},{"repoURL":20,"templateURL":21,"projectFolder":22,"templateFile":23},"https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Fapigw-cognito-certificate-bound-access-token","serverless-patterns\u002Fapigw-cognito-certificate-bound-access-token","apigw-cognito-certificate-bound-access-token","template.yaml",{"headline":25,"text":26},"How it works",[27,28,29],"This pattern creates an Amazon API Gateway REST API and enables mTLS for a custom domain.","Further, it creates a Cognito User Pool, which issues the certificate-bound access tokens.","The REST API uses an authorizer to compare the 'cnf' claim in the access token with the fingerprint of the client certificate presented during the mutual TLS handshake, so that a token is honored only when it is presented with the certificate it is bound to.","Python","300",{},{"icon1":34,"icon2":39,"icon3":43,"line1":47,"line2":51},{"x":35,"y":36,"service":37,"label":38},20,50,"route53","Route53 Custom Domain",{"x":40,"y":36,"service":41,"label":42},55,"apigw","Amazon API Gateway REST API",{"x":44,"y":36,"service":45,"label":46},85,"lambda","AWS Lambda",{"from":48,"to":49,"label":50},"icon2","icon3","mTLS",{"from":52,"to":48},"icon1",{"bullets":54},[55,58],{"text":56,"link":57},"API Gateway mTLS","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Fcompute\u002Fintroducing-mutual-tls-authentication-for-amazon-api-gateway\u002F",{"text":59,"link":60},"OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens","https:\u002F\u002Fdatatracker.ietf.org\u002Fdoc\u002Fhtml\u002Frfc8705","patterns\u002Fapigw-cognito-cert-bound-access-token",{"text":63},[64],"See the GitHub repo for detailed testing instructions.","aTaWBqX3IMogBmXou8aJ-RRTvKmQ47T4TMEXIKoI8I4",1779618900092]