For example, suppose I have an ec2 instance and an elastic load balancer, is it safe to receive HTTPS traffic at the loadbalancer and forward it (unencrypted) to the instance.
I've enabled the minimum set of security group permissions to allow the load balancer to talk to the instance, however, its unclear to me whether these permissions are applied at VM level, or at the networking level. If just at the VM level then, presumably, other instances on the subnet can sniff unencrypted network traffic.
Best Answer
This is what a VPC is for. You can isolate your instance on its own subnet and the only way to access it would be its internal IP address. Read about it here: http://aws.amazon.com/vpc/