Closed jerisalan closed 1 week ago
Not sure about the switching question, but regarding VPC, my understanding is that within a VPC, data in transit cannot be sniffed or spoofed, except maybe by an AWS employee physically inside the AZ.
See the following resources on the subject:
My question is will switching to the latter mean we lose TLS 1.2 data-in-transit encryption?
Yes, mounting with `mount -t nfs4` will mean that the data in transit will not be encrypted.
Does AWS auto encrypt or not auto-encrypt all network within a VPC...in this case b/w EFS server and EC2 instances?
No, AWS does not automatically encrypt traffic.
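One way to audit which NFS mounts on an instance would send traffic unencrypted, added here as an example that is not part of the original thread or of efs-utils. It assumes that a TLS mount made by the efs-utils mount helper shows `addr=127.0.0.1` in the mount options (the NFS client talks to the local stunnel listener), while a plain `mount -t nfs4` shows the mount target's VPC address; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify NFS mounts by whether the NFS client connects to a
# loopback listener (the local TLS tunnel) or directly to a remote address.
# Usage on a real host: audit_nfs_mounts < /proc/mounts

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
cat <<'EOF'
127.0.0.1:/ /mnt/efs-tls nfs4 rw,relatime,vers=4.1,proto=tcp,port=20049,addr=127.0.0.1 0 0
fs-EXAMPLE.efs.us-east-1.amazonaws.com:/ /mnt/efs-plain nfs4 rw,relatime,vers=4.1,proto=tcp,addr=10.0.1.25 0 0
/dev/xvda1 / ext4 rw,relatime 0 0
EOF
}

# Reads mounts-format text on stdin; prints "<mountpoint> <verdict>" per NFS mount.
audit_nfs_mounts() {
  while read -r dev mnt fstype opts _; do
    case "$fstype" in nfs|nfs4) ;; *) continue ;; esac
    addr=""
    old_ifs=$IFS; IFS=,
    for o in $opts; do
      case "$o" in addr=*) addr=${o#addr=} ;; esac
    done
    IFS=$old_ifs
    case "$addr" in
      # Loopback only proves a local listener is in the path (assumed: stunnel).
      127.*|::1) echo "$mnt tunnelled-via-loopback" ;;
      "")        echo "$mnt unknown" ;;
      *)         echo "$mnt plaintext-nfs addr=$addr" ;;
    esac
  done
}

# Number of mounts whose NFS traffic leaves the instance without a local tunnel.
count_plaintext() { audit_nfs_mounts | grep -c ' plaintext-nfs ' || true; }
```

A loopback address confirms only that a local tunnel is in the path; whether that tunnel negotiates TLS 1.2 depends on the stunnel configuration that efs-utils generates.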
Had a question primarily on data-in-transit encryption with respect to AWS EFS usage.
We have a lot of EC2 instances and an AWS EFS instance created within the same AWS VPC. The AWS EFS has multiple access points created which are all mounted onto the EC2 instances. We use the AWS `efs-utils` utility for mounting EFS onto EC2 instances extensively and primarily use it because it provides data in transit encryption support via stunnel. Over the course of the last few years, we have begun noticing issues where the NFS server does not respond at times and the mounting times out, causing application hangs and other cascading issues. We are considering switching from using the aws-efs-utils tool to the standard mount command without the IAM option.
My question is will switching to the latter mean we lose TLS 1.2 data-in-transit encryption? Does AWS auto encrypt or not auto-encrypt all network within a VPC...in this case b/w EFS server and EC2 instances?