End to End encryption question

0

My customer wants to implement a quickstart template to comply with HITRUST requirements. https://aws.amazon.com/quickstart/architecture/compliance-hitrust/

This quickstart guide says that

A Secure Sockets Layer (SSL) certificate managed by AWS Certificate Manager (ACM) on the load balancer to encrypt all traffic between the internet and the load balancer. Separate self-signed certificates are generated on the EC2 instances to encrypt traffic between the load balancer and the application instances.

My customer wants to know how traffic is encrypted between the ELB and the application.

Also, does the traffic being encrypted between ELB and EC2 mean that the traffic from ELB to the application is encrypted? How can you achieve end-to-end encryption between ELB and the application?

AWS
asked 4 years ago, 1659 views
1 Answer
0
Accepted Answer

From a quick peek at the CloudFormation templates for this quick start, I can see that the ELB Template sets up a target group to communicate with the application EC2 instances on port 443 via the HTTPS Protocol (TLS). I can see in the Application Template that a launch configuration is created for the application associated with the ELB target group mentioned above. The launch configuration uses an AMI with a user data script to generate a self-signed X509 certificate using openssl. The launch config also installs Apache and configures it to use the instances' self-signed certificate on port 443 as a webserver for WordPress on the same instance.

So, consistent with the above text, it seems to me that the load balancer encrypts its connection to the web/app server EC2 instances via HTTPS with a self-signed certificate. I would qualify that as end-to-end encryption between the ELB and the Application. Does that address your question?

AWS
EXPERT
JDB
answered 4 years ago
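An added example, not the quick start's own template, of the two hops the answer describes as a CloudFormation fragment: the public listener carrying the ACM certificate, an HTTPS target group on port 443, and a launch configuration whose user data generates the self-signed certificate with openssl and serves it from Apache. It assumes an Application Load Balancer (the ELBv2 type that uses target groups), Amazon Linux's default mod_ssl certificate paths, and placeholder values for the parameters and AMI id.

```yaml
Parameters:
  CertificateArn:
    Type: String           # ARN of the ACM-managed certificate (assumed parameter)
  VpcId:
    Type: AWS::EC2::VPC::Id
  LoadBalancerArn:
    Type: String           # ARN of the existing ALB (assumed parameter)

Resources:
  # Hop 1: internet -> load balancer. The ACM certificate terminates TLS here.
  PublicHttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargetGroup

  # Hop 2: load balancer -> instances. Protocol HTTPS (not HTTP) re-encrypts this
  # leg; the ALB does not validate the backend certificate, so self-signed is accepted.
  AppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Port: 443
      Protocol: HTTPS
      HealthCheckProtocol: HTTPS
      HealthCheckPath: /
      Matcher:
        HttpCode: 200-399

  # Instance side: user data writes a self-signed X.509 certificate with openssl to
  # the paths Amazon Linux's default mod_ssl config reads, then starts Apache on 443.
  AppLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: ami-PLACEHOLDER          # placeholder, not a real AMI id
      InstanceType: t3.micro
      UserData:
        Fn::Base64: |
          #!/bin/bash -xe
          yum install -y httpd mod_ssl openssl
          openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=$(hostname -f)" \
            -keyout /etc/pki/tls/private/localhost.key \
            -out /etc/pki/tls/certs/localhost.crt
          systemctl enable --now httpd
```

The self-signed certificate gives confidentiality on the second hop, but because the ALB does not validate it, it does not authenticate the instance to the load balancer.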
