NLB support for TLS passthrough on EKS based on URI paths

0

A customer is trying to accomplish EKS - NLB set up that is load balancing TLS requests to backends routing different requests to different backends based on requested URI paths without terminating the TLS. per this blog, https://aws.amazon.com/blogs/compute/maintaining-transport-layer-security-all-the-way-to-your-container-using-the-network-load-balancer-with-amazon-ecs/ - The containers use the DNS name associated with the Network Load Balancer to access the containers in the other service.” Does this suggest I need different domains (rather than paths) to accomplish this kind of routing?

AWS
MODERATOR
asked 4 years ago1740 views
1 Answer
0
Accepted Answer

Network Load Balancers are Layer 4 load balancers (TCP/UDP) - they do not understand HTTP and are not capable of making routing decisions by paths or any other aspect of the incoming request.

Customers who need solutions to perform Layer 7 load balancing (HTTP) should be advised to use Application Load Balancers. However, the ALB must terminate TLS in order to determine which target group to send requests to based on the payload. It can, of course, re-encrypt the backend requests with TLS in order to provide security in transit.

AWS
EXPERT
answered 4 years ago
profile picture
EXPERT
reviewed 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions