Score:0

AWS ALB vs NLB encryption

bh flag

I am trying to figure out the difference in the way decryption happens between NLB and ALB.

My understanding is that, based on the host header and the response of the public key from the server, the traffic is encrypted, and the same can be decrypted based on the private key installed at the application level. But isn't it layer 7 in all cases? If we say TLS, at what point is the traffic encrypted? And where is it decrypted? Am I missing the point that we are encrypting at layer 3? If so, how is the encryption and decryption happening?

Score:0
gp flag
Tim

ALB and NLB are used for different use cases. ALB is for HTTP(S). NLB is for TCP/UDP that is not HTTPS, or where you don't want layer seven load balancing. If you don't know what you need, you need an ALB. It would be unusual to use an NLB for web traffic.

ALB has HTTPS listeners. The traffic is decrypted, then optionally re-encrypted to send it to the target group.

NLB has TLS listeners. These decrypt traffic and send it to your target group. If you don't want the traffic decrypted, use a TCP listener.
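The listener types described in the answer above can be checked against an inventory to see where TLS ends and whether the hop from load balancer to target is encrypted. This is an added example, not part of the original thread; the records are constructed samples shaped like `aws elbv2 describe-listeners` and `describe-target-groups` output, with short placeholder names standing in for ARNs, and it assumes simple forward actions that carry a `TargetGroupArn`.

```python
# Constructed sample records, shaped like `aws elbv2 describe-target-groups`
# and `describe-listeners` output. Names stand in for ARNs (placeholders).
TARGET_GROUPS = {
    "tg-alb-http": {"Protocol": "HTTP", "Port": 80},
    "tg-alb-https": {"Protocol": "HTTPS", "Port": 443},
    "tg-nlb-tcp": {"Protocol": "TCP", "Port": 8080},
    "tg-nlb-tls": {"Protocol": "TLS", "Port": 443},
    "tg-nlb-pass": {"Protocol": "TCP", "Port": 443},
}

def _listener(name, protocol, tg):
    return {"ListenerArn": name, "Protocol": protocol, "Port": 443,
            "DefaultActions": [{"Type": "forward", "TargetGroupArn": tg}]}

LISTENERS = [
    _listener("alb-offload", "HTTPS", "tg-alb-http"),
    _listener("alb-reencrypt", "HTTPS", "tg-alb-https"),
    _listener("nlb-offload", "TLS", "tg-nlb-tcp"),
    _listener("nlb-reencrypt", "TLS", "tg-nlb-tls"),
    _listener("nlb-passthrough", "TCP", "tg-nlb-pass"),
]

TLS_PROTOCOLS = {"HTTPS", "TLS"}  # protocols where the hop is TLS-protected

def classify(listener, target_groups):
    """Return (where client TLS is decrypted, state of the LB-to-target hop)."""
    tg_arns = [a["TargetGroupArn"] for a in listener.get("DefaultActions", [])
               if a.get("Type") == "forward" and "TargetGroupArn" in a]
    backend = {target_groups[arn]["Protocol"] for arn in tg_arns}
    if listener["Protocol"] in TLS_PROTOCOLS:
        # HTTPS (ALB) and TLS (NLB) listeners hold the certificate and decrypt.
        if not backend:
            return ("load balancer", "unknown")
        if backend <= TLS_PROTOCOLS:
            return ("load balancer", "re-encrypted")
        return ("load balancer", "plaintext")
    if listener["Protocol"] == "TCP":
        # A TCP listener forwards bytes unchanged; any TLS ends on the target.
        return ("target", "passthrough")
    return ("no TLS at listener", "not assessed")

def plaintext_backends(listeners, target_groups):
    """Listeners that decrypt at the load balancer and forward unencrypted."""
    return [l["ListenerArn"] for l in listeners
            if classify(l, target_groups) == ("load balancer", "plaintext")]

if __name__ == "__main__":
    for l in LISTENERS:
        print(l["ListenerArn"], *classify(l, TARGET_GROUPS))
    print("review:", plaintext_backends(LISTENERS, TARGET_GROUPS))
```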
