We currently have an AWS Fargate service running Nginx behind an AWS Application Load Balancer. In front of this we also use Cloudflare (hence the Cloudflare origin certificate in ACM). Since the ALB terminates the SSL connection, the traffic between the ALB and the Fargate containers is not encrypted unless you use a self-signed certificate in Nginx and forward the traffic over 443 instead of 80.
As we want end-to-end encryption (we do not need to follow any particular compliance regime, but it just feels like good practice, and it feels wrong to have the traffic between the ALB<->Fargate unencrypted), is it not better to use a Network Load Balancer and terminate the SSL connection in Nginx? This would also remove one SSL handshake, which could potentially lead to a (marginally?) decreased response time.
Question 1: Is using a Network Load Balancer instead of an Application Load Balancer a better alternative in this case?
Question 2: Are there any other "features" or functionalities we would be missing by doing this? It feels like AWS is really advocating using an ALB instead of an NLB.
Thanks
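An added example, not part of the original question, showing what the Nginx side of each option looks like. In the ALB design, Nginx serves a self-signed certificate on 443 so the ALB can use an HTTPS target group (the ALB encrypts to the target but does not validate the target's certificate), and the client IP arrives in X-Forwarded-For. In the NLB design the NLB passes TCP through on 443, Nginx serves the Cloudflare origin certificate itself, and the client IP has to come from Proxy Protocol v2 because nothing on that hop adds HTTP headers. The script name, certificate paths and VPC CIDR are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Renders one Nginx server block per
# design; paths, CIDR and names below are assumptions, adjust to your VPC/image.
set -eu

VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"   # assumed VPC range: only the load balancer lives here
TLS_DIR="${TLS_DIR:-/etc/nginx/tls}"  # assumed certificate directory inside the container

# Self-signed certificate for the ALB -> Fargate leg. The ALB encrypts to an HTTPS
# target group without validating the target certificate, so self-signed is enough.
gen_self_signed_cert() {
  out_dir="$1"
  cn="${2:-nginx.fargate.internal}"   # assumed internal name, never seen by clients
  mkdir -p "$out_dir"
  openssl req -x509 -newkey rsa:2048 -nodes -days 825 -subj "/CN=${cn}" \
    -keyout "${out_dir}/origin.key" -out "${out_dir}/origin.crt" 2>/dev/null
}

# Print the server block for MODE=alb (HTTPS target group behind an ALB) or
# MODE=nlb (TCP passthrough on 443; Nginx terminates TLS with the Cloudflare origin cert).
render_nginx_conf() {
  mode="$1"
  case "$mode" in
    alb)
      cert="${TLS_DIR}/origin.crt"; key="${TLS_DIR}/origin.key"
      listen_opts=""                 # plain TLS listener; the ALB speaks HTTPS to it
      real_ip="X-Forwarded-For"      # the ALB appends the client IP to this header
      ;;
    nlb)
      cert="${TLS_DIR}/cloudflare-origin.crt"; key="${TLS_DIR}/cloudflare-origin.key"
      listen_opts=" proxy_protocol"  # needs Proxy Protocol v2 enabled on the NLB target group
      real_ip="proxy_protocol"       # TCP passthrough: client IP only exists in the PROXY header
      ;;
    *) echo "usage: render_nginx_conf alb|nlb" >&2; return 2 ;;
  esac
  cat <<EOF
server {
    listen 443 ssl${listen_opts};
    server_name _;

    ssl_certificate     ${cert};
    ssl_certificate_key ${key};
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Only the load balancer sits on this hop; trust the client address it forwards.
    set_real_ip_from ${VPC_CIDR};
    real_ip_header ${real_ip};
    real_ip_recursive on;

    location /healthz { return 200 "ok\n"; }
    location /        { root /usr/share/nginx/html; }
}
EOF
}

# Run directly: ./origin-tls.sh alb|nlb (a cert is generated only for the self-signed case)
if [ "$#" -gt 0 ]; then
  if [ "$1" = alb ]; then
    gen_self_signed_cert "$TLS_DIR"
  fi
  render_nginx_conf "$1"
fi
```

Run `./origin-tls.sh alb` to build the self-signed cert and emit the ALB variant, or `./origin-tls.sh nlb` for the passthrough variant. Note that the NLB variant only works once Proxy Protocol v2 is switched on for the NLB target group; with `proxy_protocol` on the listen directive, Nginx rejects any connection that does not start with a PROXY header, and without it every request would appear to come from the load balancer's address.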