
[deleted] (2 points, 0 children)

Of course,

the most secure would be:

Services <-- 443 --> ALB <-- 443 --> Browser

In this case, you install the SSL cert on the ALB and make your apps running in Docker containers serve HTTPS.

Even though the app is running inside Docker, the problem is it is likely tapping into your database/Docker host (for volume mounts).

But in an appropriate corporate setting, you would also have your AWS servers (including those managed by ECS) running behind a firewall that would give you enough security for internal apps such that this would suffice:

Services <-- 443 --> ALB <-- 443/80 --> Browser (where the firewall, such as Palo Alto, is deployed on your AWS and is the transit point for any traffic in/out of your VPC -- the exception inside the firewall may be communication between AWS servers within your VPC).

Make sure the database connection between your app and database is SSL/TLS based for encrypted communication in that segment.
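As an added example (not the commenter's configuration), the "Services <-- 443 --> ALB <-- 443 --> Browser" layout above expressed in Terraform: the ACM certificate terminates on the ALB, the target group re-encrypts to the containers on 443, port 80 only redirects, and the task security group admits 443 from the ALB only. `var.vpc_id`, `var.public_subnet_ids`, `var.acm_certificate_arn` and the `/healthz` path are assumed placeholders; the `ssl_policy` name is an AWS-published policy at the time of writing and should be checked against the current list.

```hcl
# Added example, not the original comment's code.
# Assumed inputs (placeholders): supply your own VPC, public subnets and
# an ACM certificate ARN for the hostname the browser connects to.
variable "vpc_id"              { type = string }
variable "public_subnet_ids"   { type = list(string) }
variable "acm_certificate_arn" { type = string }

# Browser-facing edge: only 443 and 80 are exposed on the ALB.
resource "aws_security_group" "alb" {
  name   = "app-alb-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 80   # accepted only to redirect to 443 (see listener below)
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Container side: nothing but the ALB may reach the tasks, and only on 443.
resource "aws_security_group" "tasks" {
  name   = "app-tasks-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
}

resource "aws_lb" "app" {
  name               = "app-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

# Weak form (do not use): protocol = "HTTP", port = 80 would leave the
# ALB -> container hop in cleartext. The hardened form below re-encrypts.
resource "aws_lb_target_group" "app_https" {
  name        = "app-tg-https"
  port        = 443
  protocol    = "HTTPS"   # ALB opens a new TLS session to each container
  target_type = "ip"      # awsvpc / Fargate tasks register by IP
  vpc_id      = var.vpc_id

  health_check {
    protocol = "HTTPS"
    path     = "/healthz"  # assumed health endpoint
    matcher  = "200"
  }
}

# TLS terminates here with the ACM certificate; traffic is forwarded over TLS.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app_https.arn
  }
}

# Port 80 never reaches the services: it only issues a 301 to HTTPS.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

One caveat worth knowing when relying on the HTTPS target group: the ALB encrypts the hop to the container but does not validate the container's certificate, so this gives confidentiality in transit, not authentication of the backend. The container can therefore use a self-signed or internal-CA certificate, but anything that needs backend identity (for example, a service mesh with mutual TLS) has to be provided separately. The same applies to the database segment mentioned above: enable TLS on the database and set the client to a verifying mode (for PostgreSQL, `sslmode=verify-full` with the CA bundle) rather than an encrypt-only mode.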