Our team is using AWS Lambda functions and API Gateway to facilitate connections to open banking APIs within Europe (PSD2).
Our Lambdas are written in NodeJS.
PSD2 requires Mutual TLS, which is fine and we have everything correctly implemented and working in a sandbox environment.
An example request would look something like this:
```javascript
const fs = require('fs');
const https = require('https');

// Options object passed to https.request(); cert and key are the mTLS client credentials.
const options = {
  hostname: '[bank hostname]',
  path: '[bank api endpoint]',
  method: 'GET',
  headers: {
    accept: 'application/json',
    signature: 'XXX',
    date: 'XXX',
    digest: 'XXX',
    'x-request-id': 'XXX',
    'tpp-signature-certificate': '[PATH_TO_CERTIFICATE]',
    authorization: 'Bearer [accessToken]',
  },
  cert: fs.readFileSync('/var/task/certs/cert.crt'), // Buffer
  key: fs.readFileSync('/var/task/certs/private.key'), // Buffer
};
```
The problem we currently have is that we are unsure where to securely store our certificates. For the time being, we are just storing them in an assets folder in our codebase. This is not ideal, and we would like to move them out of our codebase for obvious reasons.
We have been looking at AWS ACM. However, it is not clear how we would retrieve a path to the certificates (after uploading them) in order to use them in the request above.
So my question is: how would we use AWS to securely store our certificates in such a way that we can use them in an HTTPS request?