7

On Amazon AWS, should I encrypt sensitive traffic between instances in a virtual private cloud? More specifically, is the traffic between the instances in such a VPC private as in a virtual network, or can it be intercepted?

Couldn't find this info in the documentation.

masegaloeh
arnuschky
    I don't think it's encrypted in transit, but barring a large bug it shouldn't ever be sniffable by other tenants of AWS. AWS employees are a risk, but they're an (acceptable) risk in dozens of other ways too as they've ultimately got physical access to the hardware. If you need to be PCI/HIPAA/etc. compliant or storing Social Security numbers I'd encrypt between instances, but if you're just passing around names and addresses and whatnot I wouldn't bother personally. – ceejayoz Feb 04 '14 at 16:26

1 Answer

8

Traffic within your VPC can be considered quite private. Yes, a relatively small number of AWS engineers could theoretically view the traffic. If an engineer did that without need, though (support ticket, etc.), they would lose their job.

The traffic is most definitely not viewable by any other EC2 customers.

Like @ceejayoz said above, if you are worried about data privacy, then sure, set up IPSec in transport mode between your instances.

If you're interested in the nuts and bolts of how VPC works, including the security mechanisms they have in place, see A Day in the Life of a Billion Packets, which was my favorite of all the sessions I attended at the AWS re:Invent conference last fall.

EEAA
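An added example, not part of the answer above: a strongSwan `swanctl.conf` fragment that sets up the host-to-host IPsec transport mode the answer suggests, between two instances in the same VPC. The private addresses 10.0.1.10 and 10.0.1.20, the connection names and the pre-shared key are placeholders I assumed for illustration; the same file is installed on both instances.

```conf
# Assumed example: strongSwan swanctl.conf for ESP transport mode
# between two EC2 instances on their VPC private IPs (placeholders).
connections {
    vpc-peer {
        version      = 2                 # IKEv2
        local_addrs  = 10.0.1.10         # this instance (swap on the peer)
        remote_addrs = 10.0.1.20         # the other instance
        proposals    = aes256gcm16-prfsha384-x25519

        local {
            auth = psk
            id   = 10.0.1.10
        }
        remote {
            auth = psk
            id   = 10.0.1.20
        }

        children {
            vpc-peer-transport {
                mode          = transport       # encrypt payload, keep VPC IP headers
                local_ts      = 10.0.1.10/32
                remote_ts     = 10.0.1.20/32
                esp_proposals = aes256gcm16-x25519
                start_action  = trap            # bring the SA up on first packet
                dpd_action    = restart
            }
        }
        dpd_delay = 30s
    }
}

secrets {
    ike-vpc-peer {
        id-a   = 10.0.1.10
        id-b   = 10.0.1.20
        secret = "REPLACE-WITH-A-LONG-RANDOM-PRE-SHARED-KEY"   # placeholder
    }
}
```

The security groups on both instances must allow UDP 500 and 4500 (IKE) and IP protocol 50 (ESP) from each other, since the encrypted packets no longer carry the inner TCP/UDP ports. Verify with `swanctl --list-sas` and by confirming that a capture between the hosts shows only ESP.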