ECS Service connect Agent support of communication encryption

0

Hello. Does the ECS Service Connect Envoy proxy support communication encryption between two tasks in the same namespace? Do we need to end the SSL tunnel in the application container (same scenario as if we don't use Service Connect), or is there a configuration to end the SSL tunnel in the Envoy proxy? Note: I am not using App Mesh.

Youez
Asked 1 year ago, 762 views
1 Answer
2

ECS Service Connect does not provide built-in communication encryption between tasks within the same namespace. By default, the communication between tasks in the same namespace is not encrypted.

If you want to secure the communication between tasks within the same namespace, you have a few options:

You can deploy a separate sidecar proxy container (such as Envoy) alongside your application containers. The sidecar proxy can handle SSL/TLS termination and encrypt the communication between your application containers. In this scenario, the communication between the application containers and the sidecar proxy is typically unencrypted, but the communication between the sidecar proxies of different tasks can be encrypted.

The following post may help you:

https://aws.amazon.com/blogs/compute/setting-up-an-envoy-front-proxy-on-amazon-ecs/

Expert
Answered 1 year ago
  • Are you suggesting to use Envoy directly instead of Service Connect?
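
For the sidecar approach described in the answer above, the following is an added example (not from the original post or from AWS) of the inbound half of an Envoy sidecar configuration: Envoy terminates TLS on the task's exposed port and forwards plaintext to the application container over loopback. The listener port 8443, the application port 8080, the certificate paths under /etc/envoy/certs and the listener and cluster names are assumptions chosen for illustration.

```yaml
# Added example: inbound side of an Envoy sidecar terminating TLS for the app container.
# Assumptions: listener port 8443, app on 127.0.0.1:8080, certs mounted at /etc/envoy/certs.
static_resources:
  listeners:
  - name: inbound_tls
    address:
      socket_address: { address: 0.0.0.0, port_value: 8443 }
    filter_chains:
    # The TLS transport socket makes Envoy the TLS endpoint for peer tasks.
    - transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          common_tls_context:
            tls_params:
              tls_minimum_protocol_version: TLSv1_2
            tls_certificates:
            - certificate_chain: { filename: /etc/envoy/certs/task.crt }
              private_key: { filename: /etc/envoy/certs/task.key }
      filters:
      # After decryption, proxy the TCP stream to the application container.
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: inbound_tls
          cluster: local_app
  clusters:
  # Plaintext hop: stays on loopback inside the task's network namespace.
  - name: local_app
    type: STATIC
    connect_timeout: 1s
    load_assignment:
      cluster_name: local_app
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: 127.0.0.1, port_value: 8080 }
```

With this layout only the Envoy port (8443 here) should be published in the task's port mappings and security group; exposing the application port as well would leave a plaintext path that bypasses the proxy.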
