• CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    5 months ago

    Well, depends. If it’s hosted on AWS and HTTPS terminates there like it’s supposed to, Amazon could look inside, but a human being would have to personally hack your container and extract the data, so that’s a bit better. If it’s something more like Wix, though, sure. (Is Wix still a thing?)

    • markstos@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      If you use the AWS load balancer product or their certificates, they have access to the private key, regardless of whether you forward traffic from the LB to the container over HTTPS or not.

      If you terminate the SSL with your own certificate yourself, Amazon still installs the SSM agent by default on Linux boxes. That runs as root and they control it.

      If you disable the SSM agent and terminate SSL within Linux boxes you control at AWS, then I don’t think they can access inside your host as long as you are using encrypted EBS volumes encrypted with your key.

      • CanadaPlus@lemmy.sdf.org
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        Obviously, I’ve never actually done this. Good to know.

        I’m starting to worry that HTTPS is entirely fake - in the sense that it’s purely decorative encryption that protects an insignificant part of the transaction. Like, maybe by design. The NSA’s been doing something all these years.