pdougherty's comments

no


The main reason I can think of is the single point of failure in regards to a NAT instance, with the only other alternative being giving EIPs to every host that needs internet access. I would like to see a more robust solution and HA for the NAT instance. Especially if you're doing any kind of heavy proxying, couldn't you max out the NAT instance's uplink at some point? Anyone have ideas?


Use ELB instead of a NAT instance?


Using ELB to achieve this means they are doing SSL termination on the ELB itself, which means the request is no longer encrypted within Heroku, unless of course they are using another cert for the connection between ELB->dynos.


Not necessarily, you can use an ELB to pass through the TCP connection and terminate at the instances.


But if the instances also live on EC2 (which they do in the Heroku case), you would still run into the issue of needing separate instances to terminate SSL on for each SSL-enabled site (with the 1 IP limit). It would seem much more economical for them to terminate at the ELB level and only pay for an ELB per customer.


I guess alternatively you could leverage the funky port forwarding hack on ELB and put each SSL site on a different backend port. But that just seems like a mess.

