Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

TLS Termination with an ELB

0

Hi,

I'm using an ELB that listens to https traffic on port 443 using TLS with an ACM certificate, decrypts traffic and then forwards it over http port 80 to the target EC2 instances. The ELB and target instances are in the same VPC. Is this secure or should I be forwarding traffic from the ELB to the target servers using HTTPS?

Thanks,
David

Temas
Redes y entrega de contenido
Etiquetas
Amazon VPC
Idioma
English
davemeyer
preguntada hace 5 años392 visualizaciones
2 Respuestas
0

Hi,
In my opinion, if your EC2 instances are in a private subnet and the security groups are set in place, you are secure. At some point in the flow of traffic from the client to the final destination on the EC2 instance, your traffic will be decrypted, so its a matter of personal choice as to whether or not you feel that a private subnet within a VPC is considered "secure" enough. Note: if you are in a heavy regulated industry, such as banking, then you will be required to add encryption on the backend. You can find many links online debating this topic. Here is one from security.stackexchange.com.
https://security.stackexchange.com/questions/30403/should-ssl-be-terminated-at-a-load-balancer
Hope this helps a bit,
-randy

RandyTakeshita
respondido hace 5 años
0

Thanks Randy, that is helpful.

davemeyer
respondido hace 5 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante