NLB support for TLS passthrough on EKS based on URI paths
A customer is trying to accomplish EKS - NLB set up that is load balancing TLS requests to backends routing different requests to different backends based on requested URI paths without terminating the TLS. per this blog, https://aws.amazon.com/blogs/compute/maintaining-transport-layer-security-all-the-way-to-your-container-using-the-network-load-balancer-with-amazon-ecs/ - The containers use the DNS name associated with the Network Load Balancer to access the containers in the other service.” Does this suggest I need different domains (rather than paths) to accomplish this kind of routing?
- Newest
- Most votes
- Most comments
Network Load Balancers are Layer 4 load balancers (TCP/UDP) - they do not understand HTTP and are not capable of making routing decisions by paths or any other aspect of the incoming request.
Customers who need solutions to perform Layer 7 load balancing (HTTP) should be advised to use Application Load Balancers. However, the ALB must terminate TLS in order to determine which target group to send requests to based on the payload. It can, of course, re-encrypt the backend requests with TLS in order to provide security in transit.
Relevant content
- asked 8 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a year ago
