
Dave Greene

02/11/2019, 4:39 PM
The tl;dr is that no, even with ACM support for NLBs it still requires the protocol to be TLS, which messes up gRPC transmission.

maxwhite

02/12/2019, 7:05 PM
Yes, exactly. What I did after all is a CloudFormation Custom Resource which generates a Let's Encrypt certificate, stores its fullchain in ACM and its private key in AWS Secrets Manager, which are pulled by the container at bootstrap. Not ideal, but I couldn't find a better way.

Dave Greene

02/12/2019, 8:05 PM
Yeah, that’s what we ended up doing too. Ran into some weirdness around the Let's Encrypt certificate chain, but it still worked well enough for a hackathon project.