amazon web services – AWS ALB SSL/TLS offloading security


AWS ALBs allow one to configure an SSL/TLS certificate for encrypting traffic between the client and the LB. Traffic between the LB and the target can be protected with a certificate, but target certificates are not validated… as outlined here: https://github.com/aws-quickstart/quickstart-compliance-hipaa/issues/9#issuecomment-693746199

Question: Does traffic within a VPC require additional measures to secure and prevent unauthorized access? Does AWS VPC have additional security mechanisms to prevent snooping, or unauthorized access to unencrypted traffic flowing within a VPC? Are their any tangible benefits to applying a certificate to the LB target in the above scenario considering that the certificate will not be validated?