1 Answer
You’re right, you could do Client -TLS-> ELB and ELB -TLS-> EC2 so that you can ensure SSL in transit. But in most regulatory compliance rules this is not allowed, because you still have SSL termination in between, which means the data is decrypted at rest (on the ELB) to get encrypted with EC2’s certificate. So the compliance rules require end-to-end encryption from the client to the EC2 instance itself, where the actual request is processed.
Thanks Marcell. If the compliance requirement was E-2-E then yes, agreed; I think the wording of the acloud guru question was "use SSL/TLS for all communications", but I’m not certain, and I now understand the intent was to describe E-2-E, so many thanks for the response.
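The distinction the answer draws (TLS on both hops but terminated at the ELB, versus a TCP passthrough listener where the ELB never holds a certificate) can be checked mechanically from the load balancer's listener configuration. The script below is an added example and is not code from the original thread; it reads a document shaped like the `ListenerDescriptions[].Listener` part of `aws elb describe-load-balancers` output (fields `Protocol`, `LoadBalancerPort`, `InstanceProtocol`, `InstancePort`, `SSLCertificateId`) and reports, per listener, whether the ELB decrypts traffic. The three load balancer documents at the bottom are constructed samples, and the certificate ARN in them is a placeholder.

```python
"""Where does TLS terminate on a classic ELB?

Added example, not from the original thread. Walks the listeners of an
`aws elb describe-load-balancers` style document and reports whether the
load balancer itself can see request plaintext. Sample documents below
are constructed; the certificate ARN is a placeholder.
"""
from typing import Dict, List, Tuple

# Front-end protocols for which the ELB performs the TLS handshake itself
# (it holds SSLCertificateId) and therefore must decrypt every request.
TERMINATING = {"HTTPS", "SSL"}


def classify_listener(listener: Dict) -> str:
    """Classify one listener by who can read the request in clear."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front in TERMINATING:
        # ELB decrypts. With a TLS back end it re-encrypts toward the
        # instance, but the bytes were plaintext inside the ELB.
        return "re-encrypt" if back in TERMINATING else "terminate"
    if front == "TCP" and back == "TCP":
        # Layer-4 forwarding: the ELB has no certificate to present, so
        # the TLS session is negotiated between client and instance.
        return "passthrough"
    # HTTP front end (or any other combination): no TLS on this hop.
    return "plaintext"


def audit(lb: Dict) -> List[Tuple[int, str]]:
    """Return (front-end port, classification) for every listener."""
    return [
        (ld["Listener"]["LoadBalancerPort"], classify_listener(ld["Listener"]))
        for ld in lb["ListenerDescriptions"]
    ]


def is_end_to_end(lb: Dict) -> bool:
    """True only if no listener lets the ELB see plaintext."""
    return all(kind == "passthrough" for _, kind in audit(lb))


# Constructed samples, not real AWS output.
CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/example"

REENCRYPT_LB = {
    "LoadBalancerName": "web-reencrypt",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTPS", "InstancePort": 443,
                      "SSLCertificateId": CERT_ARN}},
    ],
}

PASSTHROUGH_LB = {
    "LoadBalancerName": "web-passthrough",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                      "InstanceProtocol": "TCP", "InstancePort": 443}},
    ],
}

MIXED_LB = {
    "LoadBalancerName": "web-mixed",
    "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}},
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                      "InstanceProtocol": "TCP", "InstancePort": 443}},
    ],
}

if __name__ == "__main__":
    for lb in (REENCRYPT_LB, PASSTHROUGH_LB, MIXED_LB):
        verdict = "end-to-end" if is_end_to_end(lb) else "ELB sees plaintext"
        print(f"{lb['LoadBalancerName']}: {audit(lb)} -> {verdict}")
```

To run it against a real account, feed each element of `LoadBalancerDescriptions` from `aws elb describe-load-balancers --output json` to `audit`. A quick external confirmation of a passthrough listener is `openssl s_client -connect <lb-dns-name>:443`: the certificate returned is the instance's own, because the ELB has none to present on a TCP listener.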