Reputation: 1896
I just watched a presentation from AWS about ElastiCache and they mention that if you want to strengthen security you can use TLS for data in transit.
I really can't see the benefits of that considering we also lose a good percentage of performance. Anyone aware of any use-cases for TLS inside AWS VPC?
One of my thoughts was that a compromised instance inside the same VPC can sniff traffic, but that is apparently not possible: https://aws.amazon.com/answers/networking/vpc-security-capabilities/#Packet_Sniffing
Upvotes: 3
Views: 2344
Reputation: 13638
Yes, it's common: in security situations where you are dealing with highly sensitive data, you would certainly consider both encryption of data in transit and at rest.
It mainly depends on the security policy the application runs under. The security policy would be established by management, and in-transit encryption can be mandatory in HIPAA or PCI applications.
Possible attack vectors are "man-in-the-middle" or unauthorized access by internal users.
I'm not sure what the performance hit would be, but I don't think it would be significant.
Also note this from the article you reference:
While Amazon EC2 does provide ample data protection between customers by default, as a standard practice it is best to always encrypt sensitive traffic.
Upvotes: 3
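As an added example (not code from the question or either answer): a small audit for the policy point above, listing which ElastiCache replication groups lack in-transit (TLS) or at-rest encryption. It assumes the field names of the DescribeReplicationGroups API response (`ReplicationGroupId`, `TransitEncryptionEnabled`, `AtRestEncryptionEnabled`) and runs on constructed sample groups; the live-API path uses boto3's paginator and is optional.

```python
"""Audit ElastiCache replication groups for encryption in transit and at rest."""
# Added example, not from the original question or answers. It assumes the
# shape of the ElastiCache DescribeReplicationGroups response; the sample
# groups below are constructed, not real resources.


def find_unencrypted_groups(groups):
    """Return {ReplicationGroupId: [missing controls]} for every group that
    lacks in-transit and/or at-rest encryption. Fully encrypted groups are
    omitted. A missing key counts as disabled, since groups created before
    these features may not report the field at all."""
    findings = {}
    for group in groups:
        missing = []
        if not group.get("TransitEncryptionEnabled", False):
            missing.append("in-transit (TLS)")
        if not group.get("AtRestEncryptionEnabled", False):
            missing.append("at-rest")
        if missing:
            findings[group["ReplicationGroupId"]] = missing
    return findings


def audit_account(client):
    """Page through the live API with a boto3 ElastiCache client and audit
    every replication group. Kept separate so the check above can be run
    on constructed data without AWS credentials."""
    groups = []
    paginator = client.get_paginator("describe_replication_groups")
    for page in paginator.paginate():
        groups.extend(page["ReplicationGroups"])
    return find_unencrypted_groups(groups)


# Constructed sample mirroring the API response shape (not real clusters).
SAMPLE_GROUPS = [
    {"ReplicationGroupId": "sessions-prod", "TransitEncryptionEnabled": True,
     "AtRestEncryptionEnabled": True},
    {"ReplicationGroupId": "cache-legacy", "TransitEncryptionEnabled": False,
     "AtRestEncryptionEnabled": True},
    {"ReplicationGroupId": "cache-old"},  # pre-dates both fields
]

if __name__ == "__main__":
    for group_id, missing in find_unencrypted_groups(SAMPLE_GROUPS).items():
        print(f"{group_id}: missing {', '.join(missing)} encryption")
```

Against a real account, pass `boto3.client("elasticache")` to `audit_account`; the findings map directly onto the HIPAA/PCI in-transit requirement the answer mentions.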
Reputation: 8885
In general, you should have Zero Trust of anything in your network.
Upvotes: 0