• Users connect over HTTPS

  • ALB with SSL cert from ACM

  • HTTP connection between the Auto Scaling group and the service


  • If you want SSL to reach your instance directly

    • Retrieve the SSL private key at EC2 boot time (user data) from a store such as SSM Parameter Store
    • Install the certs on EC2


  • CloudHSM for SSL offloading

    • save resources?
    • Must set up a cryptographic user on the CloudHSM device
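
A sketch of the boot-time retrieval step in the notes above (key from SSM Parameter Store, certs installed on EC2), written as user data. This is an added example, not part of the original notes; the parameter paths, `TLS_DIR` and the function names are hypothetical, and it assumes the instance role allows `ssm:GetParameter` and `kms:Decrypt` for the key parameter.

```shell
#!/bin/sh
# Added example, not from the original notes. Hypothetical names: the two
# parameter paths and TLS_DIR. Assumes the instance role allows
# ssm:GetParameter and kms:Decrypt on the key protecting the SecureString.
set -eu   # no "set -x": user-data output is logged and would capture the key

KEY_PARAM="${KEY_PARAM:-/example/tls/private-key}"    # SecureString (assumed)
CERT_PARAM="${CERT_PARAM:-/example/tls/certificate}"  # String (assumed)
TLS_DIR="${TLS_DIR:-/etc/example-tls}"                # install dir (assumed)

# Print one decrypted parameter value on stdout.
fetch_param() {
  aws ssm get-parameter --name "$1" --with-decryption \
    --query 'Parameter.Value' --output text
}

# Write stdin to file $1 with mode $2. The temp file is created under
# umask 077 and renamed into place, so the key is never world-readable.
write_secret() (
  umask 077
  tmp=$(mktemp "$1.XXXXXX") || exit 1
  cat > "$tmp" && chmod "$2" "$tmp" && mv -f "$tmp" "$1"
)

install_tls_material() {
  key=$(fetch_param "$KEY_PARAM") || return 1
  cert=$(fetch_param "$CERT_PARAM") || return 1
  # Refuse anything that is not PEM, such as "None" or an empty value.
  case "$key" in
    *"PRIVATE KEY-----"*) ;;
    *) echo "private key parameter is not PEM" >&2; return 1 ;;
  esac
  case "$cert" in
    "-----BEGIN CERTIFICATE-----"*) ;;
    *) echo "certificate parameter is not PEM" >&2; return 1 ;;
  esac
  mkdir -p "$TLS_DIR" || return 1
  # printf is a shell builtin, so the key never appears in a process list.
  printf '%s\n' "$key" | write_secret "$TLS_DIR/server.key" 0600 || return 1
  printf '%s\n' "$cert" | write_secret "$TLS_DIR/server.crt" 0644 || return 1
  unset key cert
}

# Runs only with RUN_INSTALL=1, so loading the file has no side effects.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
  install_tls_material
fi
```

Storing the key as a SecureString and scoping the instance role to these two parameter paths keeps the key out of the user-data text itself, which is readable from the instance metadata service.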