Which AWS service can I use to put SSL encryption in front of an instance in my VPN?

Question

I have instance in VPN on which some external consultants are working on. I need expose the app they are developing to the internet but I don't want them to have access to the private key of our SSL cert.

I am thinking I can put the SSL cert into ACM and then use some AWS component in front of the instance to handle the client connections and TLS encryption. I believe that an application load balancer can do this - will this work and is the best and cheapest option? I don't actually need load balancing just yet but may do in the future.

score 0 · Answer 1 · answered Jan 07 '21 at 14:07

Yes load balancer is one of the option.

Another choice is using a CDN, CloudFront for the SSL, you simply set the origin to the EC2 instance.

Depending on your use case you need to consider what is the right caching policy (if applicable) though.

CloudFront charge by bandwidth, while Load Balancer charge by hour, so you need to consider the type of workload as well.

Which AWS service can I use to put SSL encryption in front of an instance in my VPN?

1 Answers1