Why is it bad practice to not use CNAME records for Aurora RDS, ElastiCache, and other AWS resources in regards to SSL/TLS communication? [closed]

  • Thread starter: Roma (Guest)

I am uncertain on this topic since it is brought up at times but never given a clear answer as to why.

Currently, CNAME records are used to map to our private RDS instances and ElastiCache Redis, but I have come across articles stating this is bad practice since spoofing can occur with the CNAME record, resulting in a man-in-the-middle attack. Also, encryption in transit is another issue with regard to SSL/TLS.

The only time encryption in transit works is if we reference the Redis Cluster Configuration Endpoint/RDS Endpoint, not the CNAME record.

I would like to know what the best practice is for managing our clusters. Hoping I can receive clarification on this topic. Would greatly appreciate it.
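
An added example, not part of the original post: a simplified RFC 6125-style hostname check showing why TLS verification passes for the AWS-issued endpoint name but fails for a CNAME alias that resolves to it. The zone entry, endpoint name and SAN list are constructed placeholders, and the function names are hypothetical.

```python
# Added example: hostname verification uses the name the client dialed,
# not the CNAME target. All names below are constructed placeholders.

# Constructed DNS zone: the private alias points at the AWS-issued endpoint.
CNAMES = {"db.internal.example.com": "mydb.abc123.us-east-1.rds.amazonaws.com"}

# Constructed SAN list, standing in for the certificate the endpoint presents.
CERT_SANS = ["mydb.abc123.us-east-1.rds.amazonaws.com"]


def resolve_cname(name: str) -> str:
    """Follow CNAME records to the final name, as a resolver would."""
    seen = set()
    while name in CNAMES and name not in seen:
        seen.add(name)
        name = CNAMES[name]
    return name


def san_matches(dialed: str, san: str) -> bool:
    """Simplified RFC 6125 match: case-insensitive; a wildcard is allowed
    only as the whole left-most label and covers exactly one label."""
    d = dialed.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if len(d) != len(s):
        return False
    if s[0] == "*":
        return len(s) > 2 and d[1:] == s[1:]
    return d == s


def verify_hostname(dialed: str, sans: list[str]) -> bool:
    """The client checks the name it was configured with. The CNAME target
    comes from unauthenticated DNS, so it is never used as the identity."""
    return any(san_matches(dialed, san) for san in sans)


def connect_outcome(dialed: str) -> str:
    target = resolve_cname(dialed)           # decides where packets go
    ok = verify_hostname(dialed, CERT_SANS)  # decides whether TLS is trusted
    return f"{dialed} -> {target}: {'verified' if ok else 'hostname mismatch'}"


if __name__ == "__main__":
    print(connect_outcome("db.internal.example.com"))
    print(connect_outcome("mydb.abc123.us-east-1.rds.amazonaws.com"))
```

A client that turns off hostname verification to make the alias work also loses the check that would detect a spoofed DNS answer.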