AWS Certified Solutions Architect - Professional 2020

Sign Up Free or Log In to participate!

Cross Account SG ref : setting up 1 account security group ref as inbound source in 2nd account SG

Hello Cloud Gurus,

I got a question and looking forward to the comments , thanks in Advance !

Since a security group (SG) can have other SG ref as inbound traffic. Examples – App tier SG only allows the traffic from web tier, so, web tier SG ref is configured as inbound source ( rather than IP range ). Hope It’s clear to base the understanding around end goal.

Now, the Scenario is :-

— 2 different aws accounts

— using same region (e.g. us-west-2)

— each account has its own VPC ( so 2 VPCs each account per se )

— there is no existing VPC peering and not feasible to do with current setup ( IP mixing and Org level issues then )

Having said that the question is — How can one account SG ref can be configured as inbound source in other account SG ?

The goal is to achieve something similar as to abovesaid use case ( of web & App tier ).

Thanks in advance for reading and comments !!!

1 Answers reveals

SG in peer VPC can be a VPC in your account, or a VPC in another AWS account. Surely that answers your question?

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?