Should marketplace container products serve HTTPS or HTTP?



I see vendors can sell Docker-based products on AWS Marketplace, for hosting on ECS, EKS or SM. In the case of API-based products, should vendors build HTTP or HTTPS services? Since few AWS compute platforms already handle HTTPS termination (ALB and SM in particular) I'm curious what practice AWS recommends to sellers, so that their products are both convenient and secure.

1 Answer

The decision of whether to serve content over HTTP or HTTPS depends on various factors, including security, compliance, and the specific requirements of your application. However, as a best practice, it is recommended to serve content over HTTPS whenever possible. In case the deployment of that marketplace container is architected to be behind a ALB, API Gateway, CloudFront, etc, then the HTTPS can be implemented at that layer thus the container service could be serving in HTTP and offloading the encryption to that front end service.

profile pictureAWS
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions