More information about Packet-Level VPC encryption?

0

How is traffic within my VPC encrypted? We are currently debating whether we need to implement intranet SSL, and the AWS docs suggest that some or all of our intranet traffic is already encrypted. However, we don't have any understanding or control over the AWS intranet encryption, and we would feel more confident knowing exactly what it entails. Can you provide more detailed information about how the AWS VPC packet-level authentication and encryption works?

This page says that:

All traffic within a VPC and between peered VPCs across regions is transparently encrypted at the network layer when using supported Amazon EC2 instance types.

This page claims that:

Because the load balancer is in a virtual private cloud (VPC), traffic between the load balancer and the targets is authenticated at the packet level, so it is not at risk of man-in-the-middle attacks or spoofing even if the certificates on the targets are not valid.

How is the traffic mentioned in these two statements encrypted and/or authenticated? What protocols are used, and why should we have confidence in the AWS "transparent encryption" vs malicious internal actors?

scott
Asked 1 year ago, 499 views
1 answer
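A defender's check for the "supported Amazon EC2 instance types" caveat in the first quoted statement, as an added example that is not part of the original thread: it audits which running instances sit on types for which EC2 reports encryption-in-transit support. Live mode assumes boto3 and the EC2 describe permissions; without boto3 it runs on constructed sample data.

```python
"""Audit EC2 instances against the 'supported instance types' caveat in the
AWS statement quoted above. Dict shapes follow the EC2 DescribeInstanceTypes
(NetworkInfo.EncryptionInTransitSupported) and DescribeInstances responses.
The SAMPLE_* data is constructed for offline use, not taken from any account."""
from typing import Dict, Iterable, List, Tuple


def encryption_support_map(type_pages: Iterable[dict]) -> Dict[str, bool]:
    """Instance type name -> whether EC2 reports encryption-in-transit support."""
    support = {}
    for page in type_pages:
        for it in page.get("InstanceTypes", []):
            net = it.get("NetworkInfo", {})
            support[it["InstanceType"]] = bool(net.get("EncryptionInTransitSupported"))
    return support


def audit_instances(instance_pages: Iterable[dict],
                    support: Dict[str, bool]) -> List[Tuple[str, str, bool]]:
    """(instance id, type, supported) per running instance; unknown types count as unsupported."""
    report = []
    for page in instance_pages:
        for res in page.get("Reservations", []):
            for inst in res.get("Instances", []):
                if inst.get("State", {}).get("Name") != "running":
                    continue  # stopped instances carry no traffic to encrypt
                itype = inst["InstanceType"]
                report.append((inst["InstanceId"], itype, support.get(itype, False)))
    return report


# Constructed sample pages (instance ids and support flags are illustrative only).
SAMPLE_TYPES = [{"InstanceTypes": [
    {"InstanceType": "m5n.large", "NetworkInfo": {"EncryptionInTransitSupported": True}},
    {"InstanceType": "t3.micro", "NetworkInfo": {"EncryptionInTransitSupported": False}},
]}]
SAMPLE_INSTANCES = [{"Reservations": [{"Instances": [
    {"InstanceId": "i-0000000000000001", "InstanceType": "m5n.large", "State": {"Name": "running"}},
    {"InstanceId": "i-0000000000000002", "InstanceType": "t3.micro", "State": {"Name": "running"}},
    {"InstanceId": "i-0000000000000003", "InstanceType": "t3.micro", "State": {"Name": "stopped"}},
]}]}]

if __name__ == "__main__":
    try:  # live mode needs boto3 plus ec2:DescribeInstanceTypes and ec2:DescribeInstances
        import boto3
        ec2 = boto3.client("ec2")
        type_pages = ec2.get_paginator("describe_instance_types").paginate()
        instance_pages = ec2.get_paginator("describe_instances").paginate()
    except ImportError:
        type_pages, instance_pages = SAMPLE_TYPES, SAMPLE_INSTANCES
    for iid, itype, ok in audit_instances(instance_pages, encryption_support_map(type_pages)):
        print(f"{iid} {itype}: {'encrypted in transit' if ok else 'NOT covered by transparent encryption'}")
```

Any instance reported as not covered is one whose VPC traffic the quoted AWS statement does not promise to encrypt, which is exactly where application-layer TLS is still needed.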
0

What I do know is that any traffic from the ALB to a target that is using SSL doesn't strictly follow SSL standards.

The ALB does not care if it connects to a target that's running a self-signed cert or a cert that's expired.

That said, you will never know if there's a "man in the middle".

However, the information you have found regarding VPC traffic encryption is true, which is transparent.

If it's really a concern, then end-to-end encryption may be needed to meet certain controls and standards. That's, I guess, a business decision.

Not sure if that helps answer your question.

Expert
Answered 1 year ago
  • "However, the information you have found regarding vpc traffic encryption is true which is transparent.", sure, but is AWS encrypting with the Caesar cipher, or are they doing something else? AWS seems confident in their encryption enough to tell users that it exists, so, they should make us confident in their encryption by telling us how it works.
