Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

More information about Packet-Level VPC encryption?

0

How is traffic within my VPC encrypted? We are currently debating whether we need to implement intranet SSL, and the AWS docs suggest that some or all of our intranet traffic is already encrypted. However, we don't have any understanding or control over the AWS intranet encryption, and we would feel more confident knowing exactly what it entails. Can you provide more detailed information about how the AWS VPC packet-level authentication and encryption works?

this page says that:

All traffic within a VPC and between peered VPCs across regions is transparently encrypted at the network layer when using supported Amazon EC2 instance types.

this page claims that:

Because the load balancer is in a virtual private cloud (VPC), traffic between the load balancer and the targets is authenticated at the packet level, so it is not at risk of man-in-the-middle attacks or spoofing even if the certificates on the targets are not valid.

How is the traffic mentioned in these two statements encrypted and/or authenticated? What protocols are used, and why should we have confidence in the AWS "transparent encryption" vs malicious internal actors?

  • Barry
    2 years ago

    @Gary,

    I have 3 scenarios need some clarification: EC2 - EC2 with in a VPC EC2- EC2 between 2 VPCs (in the same region) EC2 - EC2 between 2 VPCs ( in the same region, different AZ)

    Which one is network layer encrypted? In addition, in the doc, it says specific EC2 instance type, what are these types?

    Thank you!

Topics
Networking & Content Delivery
Tags
EncryptionAmazon VPC
Language
English
asked 3 years ago1.8K views
1 Answer
0

What I do know is that any traffic from the ALB to a target that is using SSL doesn’t strictly follow SSL standards.

The alb does not care if it connects to a target that’s running a self signed cert or a cert that’s expired.

That said you will never know if there’s a “man in the middle”

However, the information you have found regarding vpc traffic encryption is true which is transparent.

If it’s really a concern then end to end encryption may be needed to meet certain controls and standards. That’s I guess a business decision.

Not sure if that helps answer your question.

EXPERT
answered 3 years ago
  • scott
    3 years ago

    "However, the information you have found regarding vpc traffic encryption is true which is transparent.", sure, but is AWS encrypting with the Caesar cipher, or are they doing something else? AWS seems confident in their encryption enough to tell users that it exists, so, they should make us confident in their encryption by telling us how it works.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content