Encryption in transit on cloud.gov

November 04, 2022

Application to services

Whether traffic between a customer application and a service instance is encrypted in transit depends on the service. Traffic from applications to ElastiCache and Elasticsearch has TLS enabled by default. The same is true for traffic to S3, as long as you are not using a public bucket in web server mode. For traffic to RDS databases, TLS is enabled but not enforced by default. Customers can require TLS in the code library that they use to connect to the RDS database.
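One way to require TLS on the client side for a PostgreSQL RDS instance, as an added example that is not cloud.gov's own code: libpq-based libraries default to `sslmode=prefer`, which silently falls back to plaintext, so the helper below rewrites the connection URI to an enforcing mode. The `VCAP_SERVICES` layout, the `aws-rds` label, the `uri` credential key and the host name are assumptions made for the sample.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# libpq sslmode values that refuse plaintext, weakest to strictest.
# "require" encrypts without verifying the server certificate; the
# verify-* modes also need the RDS CA bundle passed via sslrootcert.
ENFORCING = ["require", "verify-ca", "verify-full"]

# Constructed sample binding; label, keys and host are assumptions.
SAMPLE_VCAP = json.dumps({"aws-rds": [{
    "name": "app-db",
    "credentials": {"uri": "postgres://u:pw@db.example.internal:5432/app?sslmode=prefer"},
}]})


def require_tls(uri, minimum="require"):
    """Return a PostgreSQL URI whose sslmode cannot fall back to plaintext."""
    if minimum not in ENFORCING:
        raise ValueError(f"{minimum!r} does not enforce TLS")
    parts = urlsplit(uri)
    if parts.scheme not in ("postgres", "postgresql"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    params = parse_qsl(parts.query, keep_blank_values=True)
    current = dict(params).get("sslmode")
    # Keep an existing mode only if it is at least as strict as the minimum.
    if current in ENFORCING and ENFORCING.index(current) >= ENFORCING.index(minimum):
        mode = current
    else:
        mode = minimum
    kept = [(k, v) for k, v in params if k != "sslmode"]
    return urlunsplit(parts._replace(query=urlencode(kept + [("sslmode", mode)])))


def hardened_rds_uris(vcap_services_json, label="aws-rds"):
    """Map each bound instance name to a TLS-enforcing connection URI."""
    bindings = json.loads(vcap_services_json).get(label, [])
    return {b["name"]: require_tls(b["credentials"]["uri"]) for b in bindings}


if __name__ == "__main__":
    print(sorted(hardened_rds_uris(SAMPLE_VCAP)))
```

Pass the returned URI to the database driver instead of the raw binding value, so a weak or missing `sslmode` in the environment cannot downgrade the connection.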

Application to application

While traffic between customer applications is not secured with TLS by default, customers can enable secure container networking with TLS between their applications on internal routes.

Inbound traffic to applications

All inbound connections to customer applications on cloud.gov are protected by TLS. As that traffic comes into cloud.gov, it crosses a few boundaries. At each boundary it is decrypted in memory for inspection and routing, then encrypted again when it leaves that boundary, all the way to the customer application endpoint. For further details, see the documentation on our SSL/TLS implementation.
