Clarify end-to-end encryption support

[a-h]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do * not help prioritize the request If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

I want to have end-to-end encryption from the client to the container.

I'm not sure whether I need to implement TLS within the container within App Runner, or whether App Runner takes care of encrypting data between the load balancer to the container.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

• I considered installing a certificate on the container and enabling a TLS listener, to see if it works.
  • With ALB, you can install a TLS certificate on the container, configure ALB to connect to the container target using HTTPS. ALB doesn't verify the container's certificate, but the traffic is encrypted. It's not clear whether this would work with App Runner.
• Ideally, I'd like App Runner traffic to be automatically encrypted without me having to do anything, due to a network mesh.
• Perhaps the App Runner load balancer could be configured to present a global "App Runner" client certificate.

Additional context Anything else we should know?

Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)