The traffic from the ALB to your Fargate task is inside your VPC. After you deploy an ALB, you can see in the network interfaces section (in the EC2 console) that there are some network interfaces for the ALB. The same goes for the task. So the traffic uses the protection of transit on a VPC.
Anyway, it's highly suggested to implement TLS from the ALB to your task, for a zero-trust network. The ALB doesn't validate the certificate from your task; this means that you can create a self-signed certificate, which still gives you the ability to encrypt your traffic. https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html
The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates. Therefore, you can use self-signed certificates or certificates that have expired. Because the load balancer is in a virtual private cloud (VPC), traffic between the load balancer and the targets is authenticated at the packet level, so it is not at risk of man-in-the-middle attacks or spoofing even if the certificates on the targets are not valid.
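A container entrypoint helper for the self-signed approach described in the answer above. This is an added example, not part of the original answer or the AWS documentation. The directory, the CN value and the `my-server` command are assumptions.

```shell
#!/bin/sh
# Added example. Paths, CN and "my-server" are assumptions, not from the page.

# Create a fresh key and self-signed certificate in $1 (CN from $2).
# Runs at task start, so the private key is never stored in the image.
gen_target_cert() {
    dir="$1"
    cn="${2:-fargate-task.internal}"
    (
        umask 077    # files created here are readable by this user only
        mkdir -p "$dir" &&
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$dir/tls.key" -out "$dir/tls.crt" \
            -days 30 -subj "/CN=$cn"
    )
}

# Succeeds when subject and issuer are the same name, i.e. self-signed.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$subj" = "$issr" ]
}

# Succeeds when the certificate and the private key belong together.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256) || return 1
    k=$(openssl pkey -in "$2" -pubout | openssl sha256) || return 1
    [ "$c" = "$k" ]
}

# Typical entrypoint use (hypothetical server command):
#   gen_target_cert /run/tls &&
#     exec my-server --cert /run/tls/tls.crt --key /run/tls/tls.key
```

With the target group protocol and its health check set to HTTPS, the ALB connects to this listener without validating the certificate, as the quoted documentation states.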