
Verifying end to end encryption on AWS ECS FARGATE containers


How do I verify that I have secured end-to-end encryption on my AWS FARGATE container? I have described the approach below:

Application Load Balancer listening on 443. Uses a certificate from AWS Certificate Manager. Target group's protocol is HTTPS on port 8443. The health check protocol is HTTPS too. Spring Boot application's Docker image running on the container, host/container port is 8443. Have the same certificate in the classpath of the application in a PKCS12 file (it has the certificate and private key in it). Docker image's and application's port is 8443.

It says a secure connection when I hit the application URL. I understand SSL offloading happens at the load balancer level in ALB. But does the above approach mean that end-to-end encryption has been achieved? And how do I verify that?


Solution

> I understand SSL offloading happens at the load balancer level in ALB

SSL offloading is an option with an ALB, if you have target groups using HTTP protocol instead of HTTPS. Offloading implies you're terminating SSL at the load balancer, then using http between the ALB and the target, which isn't what's happening for you.

> But does the above approach mean an end to end encryption has been achieved?

If you're using an HTTPS target group, like you are doing, you ought to have end to end encryption. You've got the right idea to verify though, so you can be sure.

> And how do I verify that?

You can ensure the traffic to your ALB is using SSL by enabling access logs. You're also seeing SSL in your browser.

You can test the targets are receiving SSL traffic by running something like tcpdump or ssldump (or both!) on your target web server.
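The two checks the answer recommends, as an added example that is not part of the original answer: the first function audits ALB access-log entries (the documented field order: `type`, `time`, `elb`, `client:port`, `target:port`, ..., `"request"`, `"user_agent"`, `ssl_cipher`, `ssl_protocol`), flagging entries where the client-to-ALB hop was not TLS or where the ALB forwarded to some port other than the HTTPS target port 8443 from the question; the second opens a TLS connection directly to a task's private IP on 8443, which is what tcpdump or ssldump on the target would show you in the other direction. The log lines, the load balancer and target-group names, the ARNs and the IP addresses are all constructed placeholders.

```python
import shlex
import socket
import ssl
from dataclasses import dataclass

# Constructed sample ALB access-log lines (not captured traffic). Field order
# follows the ALB access-log format. Names, ARNs and addresses are placeholders.
# Line 1: HTTPS listener, forwarded to the HTTPS target group on 8443 (expected).
# Line 2: hypothetical plain HTTP listener forwarding to 8080 (what a leak looks like).
SAMPLE_LOG = """\
https 2024-01-01T10:00:00.000000Z app/my-alb/50dc6c495c0c9188 203.0.113.10:51234 10.0.1.25:8443 0.001 0.012 0.000 200 200 120 512 "GET https://app.example.com:443/health HTTP/1.1" "curl/8.0.0" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets/placeholder "Root=1-placeholder" "app.example.com" "arn:aws:acm:us-east-1:123456789012:certificate/placeholder" 1 2024-01-01T10:00:00.000000Z "forward" "-" "-" "10.0.1.25:8443" "200" "-" "-"
http 2024-01-01T10:00:01.000000Z app/my-alb/50dc6c495c0c9188 203.0.113.11:51235 10.0.1.25:8080 0.001 0.010 0.000 200 200 100 400 "GET http://app.example.com:80/ HTTP/1.1" "curl/8.0.0" - - arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-targets-http/placeholder "Root=1-placeholder" "-" "-" 0 2024-01-01T10:00:01.000000Z "forward" "-" "-" "10.0.1.25:8080" "200" "-" "-"
"""

LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}


@dataclass
class AlbEntry:
    listener_type: str   # field 0: "http", "https", "h2", "ws", "wss", ...
    client: str          # field 3: client:port
    target: str          # field 4: target:port the ALB connected to
    request: str         # field 12: "METHOD URL VERSION"
    ssl_cipher: str      # field 14: "-" when the listener was not TLS
    ssl_protocol: str    # field 15: "-" when the listener was not TLS


def parse_alb_line(line: str) -> AlbEntry:
    """Split one access-log line; shlex keeps the double-quoted fields intact."""
    f = shlex.split(line)
    return AlbEntry(f[0], f[3], f[4], f[12], f[14], f[15])


def audit(entry: AlbEntry, expected_target_port: int = 8443) -> list:
    """Return a list of findings; an empty list means the entry looks end-to-end encrypted."""
    findings = []
    if entry.listener_type not in ("https", "h2", "wss") or entry.ssl_protocol == "-":
        findings.append("client->ALB hop is not TLS")
    elif entry.ssl_protocol in LEGACY_PROTOCOLS:
        findings.append(f"client->ALB hop negotiated legacy protocol {entry.ssl_protocol}")
    target_port = int(entry.target.rsplit(":", 1)[1])
    if target_port != expected_target_port:
        findings.append(
            f"ALB forwarded to port {target_port}, not the HTTPS target port {expected_target_port}"
        )
    return findings


def audit_log(text: str, expected_target_port: int = 8443) -> list:
    """Audit every non-empty line; returns [(entry, findings), ...] in file order."""
    entries = [parse_alb_line(l) for l in text.splitlines() if l.strip()]
    return [(e, audit(e, expected_target_port)) for e in entries]


def probe_target_tls(host: str, port: int = 8443, timeout: float = 5.0) -> tuple:
    """Connect straight to a task's private IP:port (run from inside the VPC) and
    return (protocol, cipher). Certificate verification is disabled on purpose:
    the PKCS12 certificate in the question is issued for the public ALB name,
    not the task's private IP, so a hostname check would fail even though the
    hop is encrypted. A successful handshake confirms the container speaks TLS
    on the port the HTTPS target group forwards to."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    for entry, findings in audit_log(SAMPLE_LOG):
        status = "OK" if not findings else "; ".join(findings)
        print(f"{entry.listener_type:5} {entry.target:18} {entry.ssl_protocol:7} -> {status}")
```

The access log only proves the front hop: the `target:port` column tells you where the ALB connected, and whether that hop is TLS follows from the target group's protocol being HTTPS, which you can confirm with `aws elbv2 describe-target-groups` before trusting port 8443 as evidence. `probe_target_tls` needs network reach to the task ENI (for example from a bastion or an ECS Exec session in the same VPC), so it is not exercised in the offline sample run.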