#kolide
OMAR

09/12/2019, 6:31 PM
hey folks, I have an aws/fleet infrastructure question that's come up a few times but I'm wondering if anything's changed. so originally, if you wanted to load balance fleet in aws, you basically needed to run a network load balancer (layer 4) that basically proxies tcp connections to the individual hosts, and they end up terminating tls. however I'd like to terminate tls at the load balancer level, but I need to use an application load balancer (layer 7) to do that. this works for regular web traffic over http 1.1 and 2, but because under the hood it speaks only http 1.1 to the destination, it can't work with grpc at all. tl;dr: is anyone on aws and terminating tls (via ACM managed certs) at the load balancer while still using grpc?
andybot

09/16/2019, 8:30 PM
for what it’s worth, if you use the native osquery, i think you can sidestep the gRPC question:
OMAR

09/16/2019, 10:48 PM
ah thanks, I didn't realize this was an option! I just got osquery (without the launcher) connecting to our NLBs (where TLS is terminated) and it worked out of the box