- 新しい順
- 投票が多い順
- コメントが多い順
Hello.
The purpose of the network account is to manage inbound and outbound communications.
In other words, if you create a resource that is publicly accessible outside of your network account, you will lose control of your traffic.
So, if you are going to create a public ALB, etc., it would be better to create it in a network account.
https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html
To add to Riku’s answer, in order to achieve this you will certainly have to design your routing with either peering/transit gateway. Both ingress and egress routes need to be designed to control the flow of traffic.
Traffic will only route via the network account and not directly.
Concurrently DNS will need to be part of the central design.