NLB sticky sessions and SSL encryption


I need the following:

  • Use AWS Network load balancer for high performance
  • Sticky sessions for better user experience
  • TLS encryption due to government regulation How should I configure my NLB to have stickiness and end to end encryption ? Thanks
1 Answer
Accepted Answer

When you are using TLS encryption ( that requires at least 1 certificate ) between the LB and the targets for SSL offloading, it is not possible to have stickiness. If it is mandatory to have all network traffic encrypted then TCP listener on port 443 would help. Due to architectural restrictions in AWS NLB, it's not possible to enable stickiness and TLS listener at the same time . You can move TLS encryption back in the chain, onto the app servers directly. The traffic can then be passed through the NLB as TCP traffic and not TLS traffic, and session stickiness is enabled on the NLB directly, this way you are not compromising the end-to-end encryption in the environment. So the summary solution would be:

  • Enabling TCP listener on port 443 between NLB and the target groups
  • Enabling sticky sessions on AWS NLB
  • Enabling TLS encryption on the blackened servers ( App servers )
answered a year ago
profile pictureAWS
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions