RDS encryption – You can enable encryption for an Amazon RDS DB instance when you create it, but not after it’s created. However, you can add encryption to an unencrypted DB instance by creating a snapshot of your DB instance, and then creating an encrypted copy of that snapshot.
The SSL termination point is where encrypted internet traffic is decrypted. This typically happens at a load balancer or reverse proxy. The SSL certificate and its private key are stored on this intermediary device rather than on the web server.
SSL termination is particularly useful in large-scale environments where managing SSL across many servers would be cumbersome. However, it also means that the traffic between the termination point and the web servers is unencrypted unless further steps are taken, such as establishing a secure tunnel or using internal encryption.
SSL offloading is a technique used to shift the processing of SSL encryption and decryption tasks away from the main web servers to a specialized device, such as a load balancer or dedicated SSL accelerator.
https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/
Target tracking scaling policies for Amazon EC2 Auto Scaling
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-scaling-target-tracking.html