Secure Communication for Legacy Protocols with SSL - AWS Certified Security

Encrypting Legacy Protocol Traffic with SSL for EC2 Instances behind ELB

Question

Your company has a set of EC2 Instances that are placed behind an ELB.

Some of the applications hosted on these instances communicate via a legacy protocol and port.

There is a security mandate that all traffic between the client and the EC2 Instances needs to be encrypted with SSL.

Which of the following options can achieve the requirements?

Answers

Explanations


Answer: D.

Option A is incorrect because you need to use a Classic Load Balancer, since some applications communicate via a legacy protocol.

Option B is incorrect since the SSL encryption is required for the application in the EC2 Instances.

The SSL should not be terminated at the load balancer.

Option C is incorrect because you need to use a Classic Load Balancer, since some applications communicate via a legacy protocol.

Option D is CORRECT because there are applications that work on legacy protocols, so you need to ensure that the ELB can be used at the network layer as well.

Hence you should choose the Classic Load Balancer.

Since the traffic needs to be secure between the Client and the EC2 Instances, the SSL termination should occur on the EC2 Instances.

For more information on HTTPS listeners for Classic Load Balancers, please refer to the URL below:

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-https-load-balancers.html

The option that can achieve the requirements of encrypting all traffic between the client and the EC2 Instances with SSL is to use an Application Load Balancer (ALB) and terminate the SSL connection at the EC2 Instances (option C).

Explanation:

  • Option A: Use an Application Load Balancer and terminate the SSL connection at the ELB. With an Application Load Balancer, SSL termination can happen either at the ELB or at the EC2 Instances. However, since the requirement is to encrypt all traffic between the client and the EC2 Instances, terminating SSL at the ELB would mean that the traffic between the ELB and the EC2 Instances would be unencrypted. This option does not meet the requirement.

  • Option B: Use a Classic Load Balancer and terminate the SSL connection at the ELB. A Classic Load Balancer does not support SSL termination at the EC2 Instances, only at the ELB. Therefore, this option does not meet the requirement.

  • Option C: Use an Application Load Balancer and terminate the SSL connection at the EC2 Instances. With an Application Load Balancer, SSL termination can happen at the EC2 Instances, which means that all traffic between the client and the EC2 Instances would be encrypted with SSL. This option meets the requirement.

  • Option D: Use a Classic Load Balancer and terminate the SSL connection at the EC2 Instances. A Classic Load Balancer does not support SSL termination at the EC2 Instances, only at the ELB. Therefore, this option does not meet the requirement.

In conclusion, option C is the correct answer as it uses an Application Load Balancer and terminates the SSL connection at the EC2 Instances, thus encrypting all traffic between the client and the EC2 Instances with SSL.