Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

TLS Termination with an ELB

0

Hi,

I'm using an ELB that listens to https traffic on port 443 using TLS with an ACM certificate, decrypts traffic and then forwards it over http port 80 to the target EC2 instances. The ELB and target instances are in the same VPC. Is this secure or should I be forwarding traffic from the ELB to the target servers using HTTPS?

Thanks,
David

Argomenti
Networking e distribuzione di contenuti
Tag
Amazon VPC
Lingua
English
davemeyer
posta 5 anni fa392 visualizzazioni
2 Risposte
0

Hi,
In my opinion, if your EC2 instances are in a private subnet and the security groups are set in place, you are secure. At some point in the flow of traffic from the client to the final destination on the EC2 instance, your traffic will be decrypted, so its a matter of personal choice as to whether or not you feel that a private subnet within a VPC is considered "secure" enough. Note: if you are in a heavy regulated industry, such as banking, then you will be required to add encryption on the backend. You can find many links online debating this topic. Here is one from security.stackexchange.com.
https://security.stackexchange.com/questions/30403/should-ssl-be-terminated-at-a-load-balancer
Hope this helps a bit,
-randy

RandyTakeshita
con risposta 5 anni fa
0

Thanks Randy, that is helpful.

davemeyer
con risposta 5 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente