Is it safe to use S3 over HTTP from EC2, as opposed to HTTPS
Posted
by
Marc
on Server Fault
See other posts from Server Fault
or by Marc
Published on 2012-10-31T20:27:08Z
Indexed on
2012/10/31
23:03 UTC
Read the original article
Hit count: 441
I found that there is a fair deal of overhead when uploading a lot of small files to S3. Some of this overhead comes from SSL itself.
How safe is it to talk to S3 without SSL when running in EC2?
From the awesome comments below, here are some clarifications: this is NOT a question about HTTPS versus HTTP or the sensitivity of my data. I'm trying to get a feeling for the networking and protocol particularities of EC2 and S3. For example
- Are we guaranteed to be passing through only the AWS network when communicating from EC2 to S3
- Can other AWS users (apart from staff) sniff my communications between EC2 and S3
- Is authentication on their api done on every call, and thus credentials are passed on every call? Or is there some kind of authenticated session. I am using the jets3t lib.
Feedback from people with some AWS experience would be appreciated.
Thanks Marc
© Server Fault or respective owner