ELB Security

Updated Jul 26, 2020 ·

NOTES

This is not an exhaustive documentation of all the existing AWS Services. These are summarized notes that I used for the AWS Certifications.

To see the complete documentation, please go to: AWS documentation

Security Features

AWS Loadbalacers can automatically distribute incoming application traffic across multiple targets.

• Handles the varying load of application traffic.
• Offers different types of Loadbalancers
  • Network Loadbalancers
  • Application Loadbalancers
  • Classic Loadbalancers
  • Gateway Loadbalancers
• Provides some security features such as security policies.

Security Policy of HTTPS Listeners

When you create a TLS Listener, you must select a security policy which can be updated as needed. To learn more, check out the following links:

• User Guide for Application Load Balancers
• User Guide for Network Load Balancers
• User Guide for Gateway Load Balancers
• User Guide for Classic Load Balancers
• TLS listeners for your Network Load Balancer

TLS/SSL Termination Options

TLS/SSL can be terminated in either:

• ELB
• EC2/ECS/EKS/Fargate (behind the loadbalancer)

To terminate the TLS/SSL behind the loadbalancer, you can only use:

• Network Loadbalancer
• Classic Loadbalancer with TCP protocol support for termination

Security implications of terminating TLS/SSL in the ELB:

• ELB will decrypt TLS/SSL so traffic between ELB and EC2/ECS/EKS will be unencryptesd
• you will not have end-to-end encryption in place

Benefits of termination TLS/SSL in the ELB:

• Offloads processing to the ELB
• Faster and less resources needed in the EC2/ECS/EKS/Fargate

NOTE: Do not terminate the TLS/SSL in the ELB unless you really need to.

To learn more, check out:

• New – TLS Termination for Network Load Balancers

• Network Load Balancer Now Supports TLS Termination

• Verify that ELB load balancers require TLS termination