End to End encryption question

0

My customer wants to implement a quickstart template to comply with HITRUST requirements. https://aws.amazon.com/quickstart/architecture/compliance-hitrust/

This quickstart guide says that

A Secure Sockets Layer (SSL) certificate managed by AWS Certificate Manager (ACM) on the load balancer to encrypt all traffic between the internet and the load balancer. Separate self-signed certificates are generated on the EC2 instances to encrypt traffic between the load balancer and the application instances.

My customer wants to know how traffic is encrypted between the ELB and the application.

Also, does the traffic being encrypted between ELB and EC2 mean that the traffic from ELB to the application is encrypted? How can you achieve end-to-end encryption between ELB and the application?

AWS
Asked 4 years ago, 1684 views
1 answer
0
Accepted answer

From a quick peek at the CloudFormation templates for this quick start, I can see that the ELB Template sets up a target group to communicate with the application EC2 instances on port 443 via the HTTPS Protocol (TLS). I can see in the Application Template that a launch configuration is created for the application associated with the ELB target group mentioned above. The launch configuration uses an AMI with a user data script to generate a self-signed X509 certificate using openssl. The launch config also installs Apache and configures it to use the instances' self-signed certificate on port 443 as a webserver for WordPress on the same instance.

So, consistent with the above text, it seems to me that the load balancer encrypts its connection to the web/app server EC2 instances via HTTPS with a self-signed certificate. I would qualify that as end-to-end encryption between the ELB and the Application. Does that address your question?

AWS
Expert
JDB
Answered 4 years ago
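The two pieces the answer describes on the instance side, generating a self-signed X.509 certificate with openssl from user data and pointing Apache at it on port 443, as an added shell example. This is constructed for illustration and is not the quick start's own user data script; the output directory, the common name and the vhost file name are assumptions, and the Apache snippet assumes mod_ssl is installed and already listening on 443.

```shell
#!/bin/sh
# Constructed example: mimic what an EC2 user data script does so that the
# load balancer's HTTPS target group can talk TLS to the instance.
set -eu

# gen_self_signed_cert <output-dir> <common-name>
# Writes <dir>/server.key and <dir>/server.crt and prints the cert path.
gen_self_signed_cert() {
    out_dir="$1"
    cn="$2"
    mkdir -p "$out_dir"
    umask 077   # private key must be readable only by its owner
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$cn" \
        -keyout "$out_dir/server.key" \
        -out "$out_dir/server.crt" 2>/dev/null
    umask 022
    echo "$out_dir/server.crt"
}

# cert_common_name <cert-path>: print the subject CN of a PEM certificate.
cert_common_name() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# cert_is_self_signed <cert-path>: succeed when issuer equals subject,
# which is exactly the property of the certificate the quick start generates.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# write_apache_ssl_vhost <conf-dir> <cert-path> <key-path>
# Writes a minimal TLS vhost (assumed file name ssl-vhost.conf) that serves
# the WordPress document root on 443 with the instance certificate.
write_apache_ssl_vhost() {
    conf="$1/ssl-vhost.conf"
    cat > "$conf" <<EOF
<VirtualHost _default_:443>
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCertificateFile $2
    SSLCertificateKeyFile $3
</VirtualHost>
EOF
    echo "$conf"
}

# Stand-alone run: use the instance's own hostname as the CN and write
# everything under a temporary directory (an assumption for the demo).
if [ "${0##*/}" = "instance-tls.sh" ]; then
    work=$(mktemp -d)
    crt=$(gen_self_signed_cert "$work" "$(hostname)")
    cert_is_self_signed "$crt" && echo "self-signed cert for $(cert_common_name "$crt")"
    write_apache_ssl_vhost "$work" "$crt" "$work/server.key"
fi
```

The load balancer side is just the target group protocol: with the target group set to HTTPS on 443, every connection from the load balancer to the instance is TLS, so the hop is encrypted and tamper-evident in transit. Because the certificate is self-signed and the load balancer does not validate target certificates, this gives confidentiality of the hop rather than authentication of the backend; restricting the instance security group so that only the load balancer can reach 443 is the usual complement.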
