AWS Elb backend authentication

Question

I was reading about backend authentication option in AWS ELB.
What it mentions is there is a instance public key (.pem encoded) to be configured in ELB.

What I could not understand is what is this key or certificate?

Since it is optional will the traffic will still be encrypted between ELB and EC2 instances if port 443 is used.

There is no details mentioned on how to actually do this. Basically I want end to end encryption from user to elb and elb to ec2.

Answer 1

Basically what this is saying is that if you what encryption in transit for the entire journey you will need to install an SSL certificate on your EC2 instance. The journey will look like the below.

client ---(HTTPS)--> load balancer ---(HTTPS)--> EC2 host

You will need to either purchase an SSL, or use a free option such as certbot on your server.

Then once you have this you will need to configure for the web server software you are running. Below are some instructions for common web servers:

• Apache
• Nginx
• IIS
• Tomcat

Ensure that your target group is configured for HTTPS port 443 traffic, to have the load balancer forward requests to HTTPS on your backend.

If the load balancer to EC2 host is not encrypted (plain HTTP) the clients traffic to load balancer will still be encrypted, but after this will be forward in HTTP.