
Interesting points. Here are a few things you'll miss choosing Route 53 over ELB:

* HTTPS termination.

* Autoscaling group management. By connecting an ELB to an autoscaling group, the logic of registration and deregistration is fully managed behind the scenes. With Route 53, you have to implement it yourself.

* Minimum autoscaling group size. If you enable ELB health checks, you can rely on the ELB to maintain a group of instances of constant size.




ELB's HTTPS termination is mediocre and, last I checked, doesn't offer the best ciphers. A year ago it was impossible to get an A+ on ssltest https://www.ssllabs.com/ssltest/ using ELB to terminate SSL.

Not to mention it still needlessly includes a ton of dangerously insecure ciphers just begging to be misclicked.


The current default, ELBSecurityPolicy-2014-01 [1], enables ECDSA/PFS and is close to the Mozilla TLS recommendations [2]. Getting an A+ on the Qualys test requires the HSTS header [3], which isn't an ELB issue.

[1] http://docs.aws.amazon.com/ElasticLoadBalancing/latest/Devel...

[2] https://wiki.mozilla.org/Security/Server_Side_TLS#Amazon_Web...

[3] http://mir.aculo.us/2014/04/04/how-to-get-an-a-on-the-qualsy...


ELB scales horribly and cannot scale to even tens of thousands of connections per second, let alone handling spikes of 100k/sec simultaneous connections. Even if you get AWS to prewarm the ELB at a higher peak rate, if you spike over those limits you will drop new incoming connections. HTTPS termination is trivial compared to a requirement to be able to actually handle hundreds of thousands to millions of simultaneous connections per second.


Actually, ELB can scale pretty well... but... you need to file a form and they will up your ELB capacity. Totally ridiculous; the situation with CloudFront.


Is HTTPS termination really worth mentioning? They'll still be running some type of web server (nginx, Apache, whatever) and enabling HTTPS termination there is probably easier than going through the ELB wizard.



