Amazon ELB SSL Termination IS Secure (According to Amazon)
Today I contacted Amazon about a question that's been bothering me ever since they announced that SSL termination was possible on their Elastic Load Balancers.
Basically, in network terms, the instances sit behind the firewall and the firewall sits behind the load balancers, so if you terminate SSL at the load balancer, how exposed is your data between the load balancer and the firewall?
Amazon's response (though lacking in actual detail) is that data is secure between the load balancer and the firewall, though post-termination it is transmitted in clear text (as you'd generally expect). You can see the original question and response here: https://forums.aws.amazon.com/message.jspa?messageID=209121
So all in all Amazon are saying that their load balancer-to-firewall connection is secure.
As they don't give any detail, to a point it depends on how much you trust Amazon on this issue, but in my opinion if you're going to implement an SSL termination process on this scale and exposed to this level globally you're gonna do it properly, and if it does have security flaws it's going to be a marketing disaster for your service.
So, all in all, though I don't like not knowing the specific process they use, in future I'm going to trust it for most cases (though all the while keeping an eye out for related reported issues or concerns).