Posted On: Jan 24, 2019
Elastic Load Balancing now supports TLS termination on Network Load Balancers. With this new feature, you can offload the decryption/encryption of TLS traffic from your application servers to the Network Load Balancer, which helps you optimize the performance of your backend application servers while keeping your workloads secure. Additionally, Network Load Balancers preserve the source IP of the clients to the back-end applications, while terminating TLS on the load balancer.
TLS termination on Network Load Balancers also offers centralized deployment of SSL certificates by integrating with AWS Certificate Manager (ACM) and Identity Access Manager (IAM). You can also optionally configure encryption to the targets. This feature also provides the flexibility of predefined security polices, which enables you to control the ciphers and protocols the load balancers present to your clients, thus providing strong security posture for your applications.
TLS termination on Network Load Balancers is available in US East (N. Virginia), US East (Ohio), US West (Northern California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), and South America (São Paulo) AWS Regions.
TLS termination on Network Load Balancers is fully integrated with AWS PrivateLink and is also supported by AWS CloudFormation.
To learn more, please refer to the demo, the blog, and the Network Load Balancer documentation.