Friday, July 8, 2011

Advantages of Terminating SSL connection on Load Balancer

  • The SSL server certificate used to terminate client connections can be managed centrally on the load balancer, rather than on every individual application instance.
  • The work of encrypting and decrypting SSL traffic is moved from the application instance to the load balancer.
  • All of the features available for HTTP can be used with HTTPS connections as well.

If you plan to terminate SSL on the load balancer, there is one security consideration you must be aware of: the traffic flowing between your load balancer and the application instance. Since SSL is terminated on the load balancer, all traffic flowing from the load balancer to the application instance is not secured. You need to make sure that the application instance is configured (using security groups in Amazon Web Services) so that only load balancer traffic is allowed to enter the application instances.

To see exactly how to do this, visit: http://docs.amazonwebservices.com/ElasticLoadBalancing/2011-04-05/DeveloperGuide/index.html?elb-security-features.html#using-elb-security-groups
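
A check for the rule described above, as an added example that is not part of the original post: it reads an application instance's ingress rules in the `IpPermissions` shape printed by `aws ec2 describe-security-groups` and lists every source other than the load balancer's security group that can reach the plaintext backend port. The group IDs, CIDRs and function names are constructed for illustration.

```python
import json

# Constructed sample: ingress rules of an application instance's security
# group. Group IDs and CIDRs are placeholders, not values from the post.
SAMPLE_INGRESS = json.loads("""
[
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb-example"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
   "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-other-example"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []}
]
""")


def covers_port(rule, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all traffic)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def non_lb_sources(ingress, app_port, lb_group_id):
    """List every source other than the LB's group that can reach app_port."""
    findings = []
    for rule in ingress:
        if not covers_port(rule, app_port):
            continue
        # Any CIDR or prefix list on the backend port bypasses the LB.
        for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6"),
                           ("PrefixListIds", "PrefixListId")):
            findings += [src[field] for src in rule.get(key, [])]
        # Group-to-group rules are fine only when the group is the LB's own.
        findings += [p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])
                     if p.get("GroupId") != lb_group_id]
    return findings


if __name__ == "__main__":
    for source in non_lb_sources(SAMPLE_INGRESS, 80, "sg-lb-example"):
        print("port 80 also reachable from:", source)
```

An empty result means the backend port accepts traffic only from the load balancer's group; port ranges are included because a wide range can expose the backend port without naming it.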
