En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

TLS Termination with an ELB

0

Hi,

I'm using an ELB that listens to https traffic on port 443 using TLS with an ACM certificate, decrypts traffic and then forwards it over http port 80 to the target EC2 instances. The ELB and target instances are in the same VPC. Is this secure or should I be forwarding traffic from the ELB to the target servers using HTTPS?

Thanks,
David

Sujets
Réseaux et diffusion de contenu
Balises
Amazon VPC
Langue
English
davemeyer
demandé il y a 5 ans393 vues
2 réponses
0

Hi,
In my opinion, if your EC2 instances are in a private subnet and the security groups are set in place, you are secure. At some point in the flow of traffic from the client to the final destination on the EC2 instance, your traffic will be decrypted, so its a matter of personal choice as to whether or not you feel that a private subnet within a VPC is considered "secure" enough. Note: if you are in a heavy regulated industry, such as banking, then you will be required to add encryption on the backend. You can find many links online debating this topic. Here is one from security.stackexchange.com.
https://security.stackexchange.com/questions/30403/should-ssl-be-terminated-at-a-load-balancer
Hope this helps a bit,
-randy

RandyTakeshita
répondu il y a 5 ans
0

Thanks Randy, that is helpful.

davemeyer
répondu il y a 5 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents