En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

NLB sticky sessions and SSL encryption

0

I need the following:

  • Use AWS Network load balancer for high performance
  • Sticky sessions for better user experience
  • TLS encryption due to government regulation How should I configure my NLB to have stickiness and end to end encryption ? Thanks
Sujets
Réseaux et diffusion de contenuGouvernement
Balises
Réseaux et diffusion de contenuElastic Load BalancingGouvernementChiffrementÉquilibreur de charge réseau
Langue
English
GITandAWS
demandé il y a un an2037 vues
1 réponse
0
Réponse acceptée

When you are using TLS encryption ( that requires at least 1 certificate ) between the LB and the targets for SSL offloading, it is not possible to have stickiness. If it is mandatory to have all network traffic encrypted then TCP listener on port 443 would help. Due to architectural restrictions in AWS NLB, it's not possible to enable stickiness and TLS listener at the same time . You can move TLS encryption back in the chain, onto the app servers directly. The traffic can then be passed through the NLB as TCP traffic and not TLS traffic, and session stickiness is enabled on the NLB directly, this way you are not compromising the end-to-end encryption in the environment. So the summary solution would be:

  • Enabling TCP listener on port 443 between NLB and the target groups
  • Enabling sticky sessions on AWS NLB
  • Enabling TLS encryption on the blackened servers ( App servers )
AWS
mojtoth
répondu il y a un an
profile pictureAWS
EXPERT
Tushar_J
vérifié il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents