By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

TLS Termination with an ELB

0

Hi,

I'm using an ELB that listens to https traffic on port 443 using TLS with an ACM certificate, decrypts traffic and then forwards it over http port 80 to the target EC2 instances. The ELB and target instances are in the same VPC. Is this secure or should I be forwarding traffic from the ELB to the target servers using HTTPS?

Thanks,
David

Topics
Networking & Content Delivery
Tags
Amazon VPC
Language
English
davemeyer
asked 6 years ago575 views
2 Answers
0

Hi,
In my opinion, if your EC2 instances are in a private subnet and the security groups are set in place, you are secure. At some point in the flow of traffic from the client to the final destination on the EC2 instance, your traffic will be decrypted, so its a matter of personal choice as to whether or not you feel that a private subnet within a VPC is considered "secure" enough. Note: if you are in a heavy regulated industry, such as banking, then you will be required to add encryption on the backend. You can find many links online debating this topic. Here is one from security.stackexchange.com.
https://security.stackexchange.com/questions/30403/should-ssl-be-terminated-at-a-load-balancer
Hope this helps a bit,
-randy

EXPERT
RandyTakeshita
answered 6 years ago
0

Thanks Randy, that is helpful.

davemeyer
answered 6 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content