Enabling TLS for Amazon ECS Service Connect

You enable traffic encryption when you create or update a Service Connect service.

You need to have the infrastructure IAM role. For more information about this role, see Amazon ECS infrastructure IAM role.
Open the console at https://console.aws.amazon.com/ecs/v2.
In the navigation pane, choose Namespaces.
Choose the Namespace with the Service you'd like to enable traffic encryption for.
Choose the Service you'd like to enable traffic encryption for.
Choose Update Service in the top right corner and scroll down to the Service Connect section.
Choose Turn on traffic encryption under your service information to enable TLS.
For Service Connect TLS role, choose an existing infrastructure IAM role or create a new one.
For Signer certificate authority, choose an existing certificate authority or create a new one.

For more information, see see AWS Private Certificate Authority certificates and Service Connect.
For Choose an AWS KMS key, choose an AWS owned and managed key or you can choose a different key. You can also choose to create a new one.

For an example of using the AWS CLI to configure TLS for your service, Configuring Amazon ECS Service Connect with the AWS CLI.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Encrypt Service Connect traffic

Verifying TLS is enabled for Service Connect