AWS ALBs allow one to configure an SSL/TLS certificate for encrypting traffic between the client and the LB. Traffic between the LB and the target can be protected with a certificate, but target certificates are not validated, as outlined here: https://github.com/aws-quickstart/quickstart-compliance-hipaa/issues/9#issuecomment-693746199

Question: Does traffic within a VPC require additional measures to secure it and prevent unauthorized access? Does AWS VPC have additional security mechanisms to prevent snooping or unauthorized access to unencrypted traffic flowing within a VPC? Are there any tangible benefits to applying a certificate to the LB target in the above scenario, considering that the certificate will not be validated?

JTW
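The question is really about which hops of the ALB path are encrypted and which are also authenticated. The following is an added example, not code from the question, the answer, or AWS: it takes records shaped like the `elbv2 describe_listeners` / `describe_target_groups` responses and classifies each listener-to-target-group pair as plaintext on the client side, plaintext inside the VPC, or TLS on both hops (where, as the question notes, the ALB still does not validate the target certificate). The listener and target-group records, ARNs and account number below are constructed sample data, and the severity labels are this script's own, not AWS terminology.

```python
"""Audit which hops of an AWS ALB path use TLS.

Added example (not from the original question or answer). Records are shaped
like boto3's elbv2.describe_listeners() / describe_target_groups() output; the
sample data below is constructed, not real AWS output.
"""

from typing import Dict, Iterable, List

# Constructed sample records (placeholder account 111122223333).
SAMPLE_TARGET_GROUPS = [
    {"TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/web-http/aaa",
     "TargetGroupName": "web-http", "Protocol": "HTTP", "Port": 80},
    {"TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/web-https/bbb",
     "TargetGroupName": "web-https", "Protocol": "HTTPS", "Port": 443},
]

SAMPLE_LISTENERS = [
    # TLS terminates at the LB, then plaintext to the target inside the VPC.
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/web/ccc/1",
     "Protocol": "HTTPS", "Port": 443,
     "DefaultActions": [{"Type": "forward",
                         "TargetGroupArn": SAMPLE_TARGET_GROUPS[0]["TargetGroupArn"]}]},
    # TLS on both hops, using the weighted ForwardConfig form of the action.
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/web/ccc/2",
     "Protocol": "HTTPS", "Port": 8443,
     "DefaultActions": [{"Type": "forward", "ForwardConfig": {"TargetGroups": [
         {"TargetGroupArn": SAMPLE_TARGET_GROUPS[1]["TargetGroupArn"], "Weight": 1}]}}]},
    # Plain HTTP listener that only redirects: no target hop to audit.
    {"ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/app/web/ccc/3",
     "Protocol": "HTTP", "Port": 80,
     "DefaultActions": [{"Type": "redirect",
                         "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]},
]


def forwarded_target_groups(action: dict) -> List[str]:
    """Return the target group ARNs an action forwards to (simple or weighted form)."""
    if action.get("Type") != "forward":
        return []  # redirect / fixed-response actions have no LB-to-target hop
    if "TargetGroupArn" in action:
        return [action["TargetGroupArn"]]
    forward_cfg = action.get("ForwardConfig", {})
    return [tg["TargetGroupArn"] for tg in forward_cfg.get("TargetGroups", [])]


def audit(listeners: Iterable[dict], target_groups: Iterable[dict]) -> List[Dict[str, str]]:
    """Classify every listener -> target-group hop.

    Severity labels are this script's own:
      high   - client-to-LB hop is plaintext (HTTP listener)
      medium - LB-to-target hop is plaintext inside the VPC (HTTP target group)
      info   - both hops use TLS; the target hop is encrypted but the ALB does
               not validate the target certificate, so it is not authenticated
      error  - listener forwards to an unknown target group
    """
    tg_by_arn = {tg["TargetGroupArn"]: tg for tg in target_groups}
    findings: List[Dict[str, str]] = []
    for listener in listeners:
        for action in listener.get("DefaultActions", []):
            for arn in forwarded_target_groups(action):
                tg = tg_by_arn.get(arn)
                if tg is None:
                    severity, reason = "error", "forward target group not found"
                elif listener["Protocol"] == "HTTP":
                    severity, reason = "high", "client-to-LB hop is plaintext"
                elif tg["Protocol"] == "HTTP":
                    severity, reason = "medium", "LB-to-target hop is plaintext inside the VPC"
                else:
                    severity, reason = ("info", "both hops use TLS; target certificate is "
                                                "encrypted-in-transit but not validated by the ALB")
                findings.append({"listener": listener["ListenerArn"], "target_group": arn,
                                 "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTENERS, SAMPLE_TARGET_GROUPS):
        print(f"[{f['severity']}] {f['listener']} -> {f['target_group']}: {f['reason']}")
```

With real data you would feed the `Listeners` and `TargetGroups` lists from the boto3 calls named in the docstring; the redirect-only listener yields no finding because there is no LB-to-target hop, and a target group listed in the listener but absent from the target-group list is reported rather than silently skipped.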

1 Answer

AWS VPC networking is usually considered sufficiently secured and private that you don't need to encrypt traffic inside your VPC. However, for compliance reasons a lot of traffic inside a VPC is encrypted with TLS.

AWS VPC doesn't let you see traffic that isn't meant for that resource.

Read up on the AWS Hyperplane to understand more about security and how this works.

Tim