Should marketplace container products serve HTTPS or HTTP?

Question

Hello,

I see vendors can sell Docker-based products on AWS Marketplace, for hosting on ECS, EKS or SM. In the case of API-based products, should vendors build HTTP or HTTPS services? Since few AWS compute platforms already handle HTTPS termination (ALB and SM in particular) I'm curious what practice AWS recommends to sellers, so that their products are both convenient and secure.

Answer

The decision of whether to serve content over HTTP or HTTPS depends on various factors, including security, compliance, and the specific requirements of your application. However, as a best practice, it is recommended to serve content over HTTPS whenever possible. In case the deployment of that marketplace container is architected to be behind a ALB, API Gateway, CloudFront, etc, then the HTTPS can be implemented at that layer thus the container service could be serving in HTTP and offloading the encryption to that front end service.

Should marketplace container products serve HTTPS or HTTP?

相關內容