AWS Certified Solutions Architect - Professional 2020


Cross-account SG ref: setting up one account's security group ref as the inbound source in a second account's SG

Hello Cloud Gurus,

I have a question and am looking forward to your comments; thanks in advance!

A security group (SG) can reference another SG as the source of inbound traffic. Example: the app-tier SG only allows traffic from the web tier, so the web-tier SG reference is configured as the inbound source (rather than an IP range). I hope that makes the end goal clear.

Now, the scenario is:

— 2 different AWS accounts

— using the same region (e.g. us-west-2)

— each account has its own VPC (so 2 VPCs, one per account)

— there is no existing VPC peering, and it is not feasible with the current setup (IP mixing and org-level issues)

Having said that, the question is: how can one account's SG ref be configured as the inbound source in the other account's SG?

The goal is to achieve something similar to the above use case (of web and app tiers).

Thanks in advance for reading and commenting!

1 Answer

https://www.google.com/search?client=firefox-b-d&q=cross+account+aws+security+group reveals https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html

An SG in a peer VPC can be in a VPC in your account or in a VPC in another AWS account. Surely that answers your question?
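The answer above relies on VPC peering, which the question rules out, but for anyone who can peer the two VPCs this is what the cross-account rule actually looks like. It is an added example, not code from the thread or from AWS docs. It assumes account A (web tier) and account B (app tier) in the same region with an active peering connection between their VPCs; the account IDs, SG IDs and VPC ID are placeholders, and the script only calls the AWS CLI when RUN_AWS=1 is set. The point to notice is the UserId field in UserIdGroupPairs: that is what tells EC2 the referenced group belongs to the other account. Two caveats a practitioner would want: the call fails unless the peering connection is active, and SG references over peering only work when both VPCs are in the same region.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes the situation the answer
# above relies on: a VPC peering connection between account A (web tier) and
# account B (app tier) in the same region is already active. All account IDs,
# SG IDs and the VPC ID below are placeholders.
set -eu

WEB_ACCOUNT_ID="111111111111"        # account A: owns the web-tier SG
WEB_SG_ID="sg-0aaaaaaaaaaaaaaaa"      # web-tier SG in account A
APP_SG_ID="sg-0bbbbbbbbbbbbbbbb"      # app-tier SG in account B (rule goes here)
APP_VPC_ID="vpc-0bbbbbbbbbbbbbbbb"    # app-tier VPC in account B
APP_PORT=8080

# Build the --ip-permissions JSON for an ingress rule whose source is a
# security group owned by another account. The UserId field is what makes the
# reference cross-account: without it EC2 resolves GroupId in the calling
# account and rejects an ID it does not find there.
build_ingress_permissions() {
  sg_id="$1"; owner="$2"; port="$3"
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"GroupId":"%s","UserId":"%s","Description":"web tier (peer account)"}]}]' \
    "$port" "$port" "$sg_id" "$owner"
}

# Run from account B with credentials allowed to modify APP_SG_ID.
# Fails unless a peering connection between the two VPCs is active.
authorize_cross_account_ingress() {
  aws ec2 authorize-security-group-ingress \
    --group-id "$APP_SG_ID" \
    --ip-permissions "$(build_ingress_permissions "$WEB_SG_ID" "$WEB_ACCOUNT_ID" "$APP_PORT")"
}

# Check: the stored rule should show the peer account as owner of the
# referenced group and a PeeringStatus of active.
verify_rule() {
  aws ec2 describe-security-group-rules \
    --filters "Name=group-id,Values=$APP_SG_ID" \
    --query "SecurityGroupRules[?ReferencedGroupInfo.GroupId=='$WEB_SG_ID'].[ReferencedGroupInfo.UserId,ReferencedGroupInfo.PeeringStatus,FromPort,ToPort]" \
    --output text
}

# Caveat: if the peering connection is later deleted, the rule stays in place
# but no longer matches any traffic; this call lists such stale rules.
list_stale_rules() {
  aws ec2 describe-stale-security-groups --vpc-id "$APP_VPC_ID" --output table
}

# Only talk to AWS when explicitly asked, so the script can be sourced or
# inspected without credentials.
if [ "${RUN_AWS:-0}" = "1" ]; then
  authorize_cross_account_ingress
  verify_rule
  list_stale_rules
fi
```

Run it as RUN_AWS=1 sh cross_account_sg.sh from account B after the peering connection has been accepted and routes added on both sides; the authorize call returns an error if the peering is missing, and list_stale_rules is the check to run again whenever a peering connection is torn down.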
