1 answer
As you have mentioned, AWS PrivateLink is one of the options for your scenario.
To use AWS PrivateLink, create a Network Load Balancer for your application in your VPC/Account B, and create a VPC endpoint service configuration pointing to that load balancer. A service consumer then creates an interface endpoint to your service. This creates an elastic network interface (ENI) in your subnet with a private IP address that serves as an entry point for traffic destined to the service. The consumer and service are not required to be in the same VPC/Account A.
Refer to https://aws.amazon.com/blogs/compute/architecture-patterns-for-consuming-private-apis-cross-account/
answered 10 months ago
I don't think you read my question. It's from a public API Gateway to an existing private NLB in another account.
I posted the generic architecture patterns for AWS PrivateLink, which also include patterns for a public API Gateway accessing a private endpoint in another account. In terms of your attempted solution, since the exposing service is an internal NLB, the consuming account has to have either an ALB or an NLB within its VPC. As you might know already, a major benefit of this approach is that network traffic stays within the Amazon network and does not traverse the public internet. This reduces attack vectors and improves the security posture.
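As an added illustration of the setup described in the answer and the follow-up (not code from the answer or the linked AWS post), here are the two PrivateLink halves as CloudFormation, one template per account: Account B publishes its existing internal NLB as an endpoint service that requires acceptance and admits only Account A, and Account A creates the interface endpoint behind a security group that only admits the subnets of its own NLB/VPC link. The NLB ARN, account ID, VPC and subnet IDs, the assumed listener port 443 and the source CIDR are all parameters you supply.

```yaml
# Stack 1: Account B (service provider), deployed in the VPC that holds the internal NLB
Parameters:
  InternalNlbArn:          # assumed: ARN of the existing internal NLB
    Type: String
  ConsumerAccountId:       # assumed: Account A's 12-digit account ID
    Type: String
Resources:
  EndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns: [!Ref InternalNlbArn]
      AcceptanceRequired: true      # Account B must approve every connection request
  EndpointServicePermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref EndpointService
      AllowedPrincipals:            # only Account A may even request a connection
        - !Sub "arn:aws:iam::${ConsumerAccountId}:root"
Outputs:
  ServiceName:                      # hand this value to Account A
    Value: !Sub "com.amazonaws.vpce.${AWS::Region}.${EndpointService}"
---
# Stack 2: Account A (service consumer), deployed in the VPC behind the public API Gateway
Parameters:
  ConsumerVpcId:
    Type: AWS::EC2::VPC::Id
  ConsumerSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  ProviderServiceName:     # the ServiceName output of Stack 1
    Type: String
  ApiSourceCidr:           # assumed: CIDR of the consumer-side NLB / VPC link subnets
    Type: String
Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Only the API Gateway VPC link path may reach the PrivateLink ENIs
      VpcId: !Ref ConsumerVpcId
      SecurityGroupIngress:         # assumed: the provider NLB listens on TCP 443
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Ref ApiSourceCidr}
  ProviderInterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Ref ProviderServiceName
      VpcId: !Ref ConsumerVpcId
      SubnetIds: !Ref ConsumerSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
```

Deploy Stack 1 first, then Stack 2; because acceptance is required, the endpoint in Account A stays in pendingAcceptance until Account B approves the connection on the endpoint service, and the ENI private IPs it then gets are what the consumer-side NLB targets.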