Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

ECS Service connect Agent support of communication encryption

0

Hello Does ECS service connect envoy proxy support communication encryption between to tasks in the same namespace, do we need to end SSL tunnel in the application container (same scenario if we don't use service connect )or there is a configuration to end the ssl tunnel in envoy proxy. Note I am not using APP Mesh

Themen
ServerlosBehälter
Tags
AWS FargateECS Service Discovery
Sprache
English
Youez
gefragt vor einem Jahr757 Aufrufe
1 Antwort
2

ECS Service Connect does not provide built-in communication encryption between tasks within the same namespace. By default, the communication between tasks in the same namespace is not encrypted.

If you want to secure the communication between tasks within the same namespace, you have a few options:

You can deploy a separate sidecar proxy container (such as Envoy) alongside your application containers. The sidecar proxy can handle SSL/TLS termination and encrypt the communication between your application containers. In this scenario, the communication between the application containers and the sidecar proxy is typically unencrypted, but the communication between the sidecar proxies of different tasks can be encrypted.

The following post maybe can help to you

https://aws.amazon.com/blogs/compute/setting-up-an-envoy-front-proxy-on-amazon-ecs/

profile picture
EXPERTE
Sedat Salman
beantwortet vor einem Jahr
  • Rahat
    vor 4 Monaten

    Are u suggesting to use envoy directly instead of service connect?

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt