API gateway to elastic beanstalk SSL or not?


In my setup I have my frontend talk to API gateway with SSL. I have a custom domain name with an certificate (all setup through AWS) which points to my API gateway API. Once my request hits the API gateway it is proxied to my EC2 instances (well elastic beanstalk so I guess the load balancer). I am wondering if I’m messing up anywhere on security. Between API gateway and elastic beanstalk is it fair to assume the data doesn’t leave amazon’s private network and is safe, or is that a terrible assumption and I should do something (please advise what) to ensure the connection between the API gateway and my load balancer is secure.

Hi Kenneth,
You can make a decision on outbound security based on how accessible your native service is to outside world. As a general rule it is better to have some security mechanism in place to protect the native service.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.