Amazon launched TLS/SSL support for AWS Network Load Balancers (NLB). This new feature simplifies the development of secure web applications by letting users terminate TLS connections at the NLB. The support is fully integrated with AWS PrivateLink and is also available through AWS CloudFormation.
The TLS/SSL support includes the following features.

Simplified management: using TLS at scale requires extra management work, such as distributing the server certificate to every backend server, and it also doubles the attack surface because multiple copies of the certificate exist. TLS termination on the NLB provides a central management point for users' certificates by integrating with AWS Certificate Manager (ACM) and AWS Identity and Access Management (IAM).

Improved compliance: this feature offers a choice of predefined security policies. Developers can use these built-in policies to define the cipher suites and protocol versions that are acceptable for their application. This helps users working toward PCI and FedRAMP compliance and also lets them achieve a perfect TLS score.

Classic upgrade: users who currently use a Classic Load Balancer for TLS termination can move to an NLB, which scales promptly under heavy load. Users can also assign a static IP address to their NLB and log the source IP address of requests.

Access logs: TLS/SSL support lets users enable access logs for their NLBs and deliver them to the S3 bucket of their choice. These logs record the TLS protocol version, cipher suite, connection time, handshake time, and more.
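The access logs described above are the place to verify that a listener's security policy is doing what was intended. The following script is an added example, not AWS code: it reads NLB access log lines, counts the negotiated protocol versions and cipher suites, flags clients that negotiated deprecated versions or suites without forward secrecy, collects client TLS alerts, and checks that the certificate served is the one expected from ACM. It assumes the documented NLB access log field order (type, version, time, elb, listener, client:port, destination:port, connection_time, tls_handshake_time, received_bytes, sent_bytes, incoming_tls_alert, chosen_cert_arn, chosen_cert_serial, tls_cipher, tls_protocol_version, ...) with `-` marking an absent value; the sample lines, load balancer names and the certificate ARN are constructed placeholders.

```python
"""Summarise TLS negotiation data from NLB access log lines.

Added example, not AWS code. Field positions follow the documented NLB
access log layout as assumed here; '-' marks an absent value. The sample
lines, load balancer name and certificate ARN below are constructed.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Protocol versions a current security policy should never negotiate.
DEPRECATED_VERSIONS = {"tlsv1", "tlsv11"}

# Placeholder ARN for the certificate the listener is expected to serve.
EXPECTED_CERT = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT"

# Constructed sample: one good TLS 1.2 connection, one TLS 1.0 connection
# with a non-forward-secret suite, and one failed handshake (alert 70).
SAMPLE_LOG = """\
tls 2.0 2019-01-24T03:21:10 net/example-nlb/0123456789abcdef 0123456789abcdef 203.0.113.10:51341 10.0.1.20:443 5 2 98 246 - arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT - ECDHE-RSA-AES128-GCM-SHA256 tlsv12 - example-nlb-0123456789abcdef.elb.us-east-1.amazonaws.com - - - 2019-01-24T03:21:08
tls 2.0 2019-01-24T03:21:12 net/example-nlb/0123456789abcdef 0123456789abcdef 198.51.100.7:44022 10.0.1.21:443 9 7 120 512 - arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT - AES128-SHA tlsv1 - example-nlb-0123456789abcdef.elb.us-east-1.amazonaws.com - - - 2019-01-24T03:21:10
tls 2.0 2019-01-24T03:21:15 net/example-nlb/0123456789abcdef 0123456789abcdef 192.0.2.44:60001 10.0.1.20:443 1 - 0 0 70 - - - - - example-nlb-0123456789abcdef.elb.us-east-1.amazonaws.com - - - 2019-01-24T03:21:15
"""


@dataclass
class TlsRecord:
    client_ip: str
    handshake_ms: Optional[int]  # None when the handshake never completed
    tls_alert: str               # TLS alert code received from the client, or '-'
    cert_arn: str                # certificate the load balancer served, or '-'
    cipher: str
    protocol: str                # e.g. tlsv12, or '-' on a failed handshake


def _int_or_none(field: str) -> Optional[int]:
    return None if field == "-" else int(field)


def parse_line(line: str) -> Optional[TlsRecord]:
    """Parse one access log line; return None for blank or non-TLS entries."""
    fields = line.split()
    if len(fields) < 16 or fields[0] != "tls":
        return None
    return TlsRecord(
        client_ip=fields[5].rsplit(":", 1)[0],
        handshake_ms=_int_or_none(fields[8]),
        tls_alert=fields[11],
        cert_arn=fields[12],
        cipher=fields[14],
        protocol=fields[15],
    )


def has_forward_secrecy(record: TlsRecord) -> bool:
    """TLS 1.3 suites always use ephemeral key exchange; older suites show it in the name."""
    return record.protocol == "tlsv13" or record.cipher.startswith(("ECDHE-", "DHE-"))


def summarize(lines: Iterable[str], expected_cert_arn: Optional[str] = None) -> Dict[str, object]:
    """Build a report of what the listener actually negotiated."""
    records = [r for r in (parse_line(line) for line in lines) if r is not None]
    completed = [r for r in records if r.protocol != "-"]
    return {
        "connections": len(records),
        "failed_handshakes": len(records) - len(completed),
        "by_protocol": dict(Counter(r.protocol for r in completed)),
        "by_cipher": dict(Counter(r.cipher for r in completed)),
        "deprecated_protocol_clients": sorted(
            {r.client_ip for r in completed if r.protocol in DEPRECATED_VERSIONS}),
        "no_forward_secrecy": sorted(
            {r.cipher for r in completed if not has_forward_secrecy(r)}),
        "client_alerts": dict(Counter(r.tls_alert for r in records if r.tls_alert != "-")),
        "max_handshake_ms": max(
            (r.handshake_ms for r in completed if r.handshake_ms is not None), default=0),
        "unexpected_cert_arns": sorted(
            {r.cert_arn for r in completed if expected_cert_arn and r.cert_arn != expected_cert_arn}),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG.splitlines(), EXPECTED_CERT), indent=2))
```

Run against logs pulled from the configured S3 bucket, a non-empty `deprecated_protocol_clients` or `no_forward_secrecy` list means the chosen security policy still permits something the application should not accept, and a non-empty `unexpected_cert_arns` list means a listener is serving a certificate other than the one managed in ACM.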