
The setup: an application deployed on EC2 instances that are load balanced by an ELB, with an Auto Scaling group.

The requirement: secure data encryption in transit, in adherence to the TLS protocol, between the clients and the EC2 instances.

The question:

  1. How can you distinguish whether a load balancer terminates TLS in itself or in the EC2 instances? I am preparing for the AWS Architect Associate exam and I have encountered this problem multiple times. It seems that whether it terminates TLS in itself or in the EC2 instances, it uses port 443. If I have a set of multiple-choice answers of possible ELB configurations, which one should I choose if I want TLS to be terminated at the EC2 instances?

  2. Is it different when it's a Network Load Balancer compared to a "regular" ELB?

RichVel

1 Answer

How can you distinguish whether a load balancer terminates TLS in itself or in the EC2 instances?

If the load balancer terminates TLS, then it will have HTTPS listeners with the certificate associated with them.

Is it different when it's a Network Load Balancer compared to a "regular" ELB?

Network Load Balancers are Layer 4 load balancers and work at the protocol level, handling TCP/UDP connections, and until recently did not have TLS offload. That has changed now, and the same principle holds: if there is a TLS listener, then it is most likely handling the TLS termination.

RichVel
Sathyajith Bhat
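The rule of thumb in the answer above (a certificate-bearing HTTPS or TLS listener means the load balancer terminates TLS; a TCP listener, on port 443 or any other port, means the bytes are passed through and only the instances can terminate) can be turned into a small check. The script below is an added example, not code from the question, the answer, or AWS; it classifies listener structures in the shapes that boto3 returns (elb.describe_load_balancers for a Classic ELB, elbv2.describe_listeners plus the target group's Protocol for an ALB/NLB). The listeners, the result labels and the certificate ARN are constructed for the example, so it runs offline without an AWS call.

```python
"""Where is TLS terminated? Classify AWS load balancer listeners.

Added example, not code from the question or the answer. It works on the
listener structures that boto3 returns (elb.describe_load_balancers for a
Classic ELB, elbv2.describe_listeners for an ALB/NLB). The sample listeners
at the bottom are constructed here so the script runs offline.
"""
from typing import Optional

# Result labels (names chosen for this example)
LB_TERMINATES = "lb-terminates-tls"                   # certificate lives on the load balancer
LB_TERMINATES_REENCRYPT = "lb-terminates-reencrypts"  # cert on the LB, then a second TLS hop to the instances
PASSTHROUGH = "tcp-passthrough"                       # LB forwards bytes; only the instances can hold a cert
NO_TLS = "no-tls-at-lb"                               # HTTP/UDP listener: nothing encrypted at the LB

TLS_PROTOCOLS = {"HTTPS", "SSL", "TLS"}   # HTTPS/SSL: Classic ELB and ALB; TLS: NLB


def classify_classic(listener_description: dict) -> str:
    """One entry of LoadBalancerDescriptions[i]['ListenerDescriptions'] (Classic ELB)."""
    lst = listener_description["Listener"]
    front = lst["Protocol"].upper()
    back = lst.get("InstanceProtocol", front).upper()
    if front in TLS_PROTOCOLS:
        # A terminating listener must carry a certificate; its absence is a misconfiguration.
        if not lst.get("SSLCertificateId"):
            raise ValueError(f"{front} listener on port {lst['LoadBalancerPort']} has no certificate")
        return LB_TERMINATES_REENCRYPT if back in TLS_PROTOCOLS else LB_TERMINATES
    if front == "TCP":
        # The port number is not the signal: TCP:443 is passed through unchanged.
        return PASSTHROUGH
    return NO_TLS


def classify_elbv2(listener: dict, target_protocol: Optional[str] = None) -> str:
    """One entry of elbv2.describe_listeners()['Listeners'] (ALB or NLB).

    target_protocol is the target group's Protocol (from describe_target_groups);
    it is needed only to tell 'terminate' from 'terminate and re-encrypt'.
    """
    proto = listener["Protocol"].upper()
    if proto in TLS_PROTOCOLS:          # HTTPS on an ALB, TLS on an NLB
        if not listener.get("Certificates"):
            raise ValueError(f"{proto} listener on port {listener['Port']} has no certificate")
        if target_protocol and target_protocol.upper() in TLS_PROTOCOLS:
            return LB_TERMINATES_REENCRYPT
        return LB_TERMINATES
    if proto in ("TCP", "TCP_UDP"):     # NLB passthrough: the instances must terminate TLS themselves
        return PASSTHROUGH
    return NO_TLS


# Constructed sample data in the boto3 response shapes (placeholder account, not real resources).
CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/example"

CLASSIC_LISTENERS = {
    "passthrough": {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 443,
                                 "InstanceProtocol": "TCP", "InstancePort": 443}},
    "terminate":   {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                                 "InstanceProtocol": "HTTP", "InstancePort": 80,
                                 "SSLCertificateId": CERT_ARN}},
    "reencrypt":   {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                                 "InstanceProtocol": "HTTPS", "InstancePort": 443,
                                 "SSLCertificateId": CERT_ARN}},
}

V2_LISTENERS = {  # (listener, target group protocol)
    "alb_https": ({"Protocol": "HTTPS", "Port": 443, "Certificates": [{"CertificateArn": CERT_ARN}]}, "HTTP"),
    "nlb_tls":   ({"Protocol": "TLS", "Port": 443, "Certificates": [{"CertificateArn": CERT_ARN}]}, "TCP"),
    "nlb_tcp":   ({"Protocol": "TCP", "Port": 443}, "TCP"),
}


def classify_samples() -> dict:
    """Classify every constructed sample listener; returns {name: label}."""
    out = {f"classic/{k}": classify_classic(v) for k, v in CLASSIC_LISTENERS.items()}
    out.update({f"v2/{k}": classify_elbv2(lst, tp) for k, (lst, tp) in V2_LISTENERS.items()})
    return out


if __name__ == "__main__":
    for name, mode in classify_samples().items():
        print(f"{name:20s} -> {mode}")
```

For the exam question, the option that keeps TLS on the instances is the one whose listener is TCP:443 forwarding to TCP:443 (Classic ELB or NLB): the load balancer never holds a certificate, so the instances must. Against a real account, replace the constructed dictionaries with the output of the corresponding boto3 calls; the classification logic is unchanged.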