
I want to set up a secure transit of data between services running in different instances.

First, I thought about setting up an EFS, but I don't really like that an instance could have access to another one.
Then, I thought about a VPN, and again, my problem isn't about remote access; I want to make sure that traffic between all my instances is secure and encrypted.

My question is: is the traffic between two EC2 instances within the same VPC or different VPCs encrypted? If not, how can I set up an IPsec tunnel between instances? Thank you

  • If you cannot trust AWS enough that they will provide a logically isolated network section as promised in the VPC product page, you might not want to use AWS at all. – Henrik Pingel Jun 16 '20 at 15:50
  • EFS does not allow servers to connect to each other. It allows a shared filesystem. An instance cannot access another instance through EFS. EFS connections can be encrypted too. You don't state why you need the instances to pass traffic so I'm unable to say for sure that EFS is the way to go. – kenlukas Jun 16 '20 at 17:00
  • 1
    Agree with Henrik that if you don't trust the AWS network then you shouldn't use AWS. However, if you do have a valid reason to do this such as compliance with a ridiculous standard your best options are 1) Application level encryption (e.g. TLS / https) which is by far the easiest option or or 2) Set up IPsec like you suggested, perhaps with something like openswan. – Tim Jun 16 '20 at 18:10
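For the second option mentioned in the comments (IPsec between the instances), here is what a minimal host-to-host configuration looks like. This is an added example, not code from the original post or from any commenter; it uses Libreswan syntax (the maintained successor of openswan), and the instance IPs, identities and pre-shared key are placeholders. The same file can be installed on both instances, because Libreswan works out from its local addresses which side of the connection it is.

```ini
# /etc/ipsec.d/ec2-peer.conf   (Libreswan syntax; all values are placeholders)
# Transport mode protects only the traffic exchanged between these two private
# IPs; no routes or subnets change. Install the same file on both instances.
conn ec2-a-to-b
    left=10.0.1.10             # private IP of instance A (assumed)
    leftid=@instance-a
    right=10.0.2.20            # private IP of instance B (assumed)
    rightid=@instance-b
    type=transport             # host-to-host, not a site-to-site tunnel
    authby=secret              # pre-shared key from the .secrets file below
    ikev2=insist               # IKEv2 only (newer releases spell this ikev2=yes)
    ike=aes_gcm256-sha2_512;dh19
    phase2alg=aes_gcm256-null  # AEAD ESP: confidentiality and integrity in one
    pfs=yes
    dpddelay=10                # dead-peer detection so a rebooted peer re-keys
    dpdtimeout=60
    dpdaction=restart
    auto=start                 # load and initiate when the ipsec service starts

# /etc/ipsec.d/ec2-peer.secrets   (owned by root, mode 0600)
# Same line on both instances; replace the string with a long random secret.
# @instance-a @instance-b : PSK "replace-with-a-long-random-secret"
```

Two things AWS-specific a practitioner should check. First, the security groups on both instances must admit the peer's traffic for UDP 500 and UDP 4500 (IKE) and for custom protocol 50 (ESP); inside a VPC, and across a VPC peering or Transit Gateway attachment, private-to-private traffic is not NATed, so transport mode works as written. Second, verify rather than assume: `ipsec status` should show the connection as established, `ip xfrm state` should list an SA in each direction, and `tcpdump -ni eth0 host 10.0.2.20 and not esp and not udp port 500 and not udp port 4500` on instance A should stay silent while the services talk. Anything that still shows up there is leaving the instance in the clear.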

0 Answers