4

We have a VPC with security group set between AWS ELB and EC2 instances. However, when a request is forwarded to EC2 instances, we forward it via http, not https. Http being not encrypted and given that security group is correctly set, I wonder if anyone can eavesdrop the communication?

If there is any resources talking about this topic, that would be great as well.

Thank you in advance...

Seong Kim
  • 41
  • 1

1 Answers1

3

In general, if traffic between two servers is sent using http instead of https, then anyone with the ability to inspect traffic anywhere along the path could eavesdrop.

In this case, it sounds like that would probably be limited to you and Amazon network admins.

TTT
  • 9,212
  • 4
  • 20
  • 32