2 Answers
6
The load balancer establishes connections with the target using the certificates that are installed on the target. It doesn't validate those certificates.
Refer to the Routing Configuration section of this AWS documentation:
If a target group is configured with the HTTPS protocol or uses HTTPS health checks, the TLS connections to the targets use the security settings from the ELBSecurityPolicy-2016-08 policy. The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates. Therefore, you can use self-signed certificates or certificates that have expired. Because the load balancer is in a virtual private cloud (VPC), traffic between the load balancer and the targets is authenticated at the packet level, so it is not at risk of man-in-the-middle attacks or spoofing even if the certificates on the targets are not valid.
As long as you have a self-signed certificate, you should be good.
To your other point: yes, a Network Load Balancer can help you address the requirement, but ALB has a lot of benefits over NLB, so you should keep using ALB with self-signed certificates on EC2.
1
When mod_ssl is installed with the following command, a self-signed certificate is also set up with it.
It is possible to use HTTPS with that certificate even if the IP address etc. changes.
sudo yum install mod_ssl
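The following script is an added example, not code from either answer or from AWS. It ties the two answers together: it generates a self-signed certificate for the EC2 target the way the mod_ssl package does at install time (on Amazon Linux the package typically drops one at /etc/pki/tls/certs/localhost.crt), checks that the certificate really is self-signed (issuer equals subject, which the ALB accepts because it does not validate target certificates), prints the Apache vhost that serves it on 443, and prints the AWS CLI call that creates an HTTPS target group with HTTPS health checks. The directory, the CN, the target-group name and the `vpc-…` placeholder are assumptions; the `aws` command is only printed, never executed, so the script runs offline.

```shell
#!/bin/sh
# Added example (not part of the original answers): self-signed cert for an
# EC2 target behind an ALB HTTPS target group. Requires the openssl CLI.
set -e

# make_self_signed DIR CN [DAYS]: write DIR/server.key and DIR/server.crt.
# -x509 makes openssl sign the request with its own key, so no CA is involved.
make_self_signed() {
  dir="$1"; cn="$2"; days="${3:-365}"
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
    -days "$days" -subj "/CN=$cn" \
    -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
  chmod 600 "$dir/server.key"   # private key: owner read/write only
}

# is_self_signed CERT: succeeds when issuer == subject. A browser would reject
# such a cert; the ALB does not check it, which is the point of the thread.
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject)
  iss=$(openssl x509 -in "$1" -noout -issuer)
  [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# cert_cn CERT: print the CN so you can confirm which cert the instance serves
# (works with both "CN = x" and "CN=x" output styles of openssl).
cert_cn() {
  openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# apache_vhost DIR: print a mod_ssl vhost that serves the generated cert.
# The ALB only speaks TLS, so legacy SSL versions are switched off.
apache_vhost() {
  cat <<EOF
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    $1/server.crt
    SSLCertificateKeyFile $1/server.key
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
EOF
}

# target_group_cmd NAME VPC_ID: print (do not run) the CLI call for an HTTPS
# target group whose health checks also go over HTTPS to the self-signed cert.
target_group_cmd() {
  cat <<EOF
aws elbv2 create-target-group \\
  --name "$1" --protocol HTTPS --port 443 --vpc-id "$2" \\
  --health-check-protocol HTTPS --health-check-path /
EOF
}

# Stand-alone run: build a cert in a temp dir and show the resulting config.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_self_signed "$d" "ec2-target.internal" 365
  is_self_signed "$d/server.crt" && echo "self-signed: $(cert_cn "$d/server.crt")"
  apache_vhost "$d"
  target_group_cmd "web-https-tg" "vpc-0123456789abcdef0"   # placeholder VPC ID
fi
```

Run it with `--demo` on the instance, copy the printed vhost into /etc/httpd/conf.d/ssl.conf (or keep the package-generated localhost.crt), and register the instance in the target group the printed command creates. Because the ALB ignores the certificate's issuer, expiry and CN, the only thing that has to be right on the target is that something serves TLS on the port the target group and health check point at.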