Hello.
The purpose of the network account is to manage inbound and outbound communications.
In other words, if you create a resource that is publicly accessible outside of your network account, you will lose control of your traffic.
So, if you are going to create a public ALB, etc., it would be better to create it in a network account.
https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html
To add to Riku's answer, in order to achieve this you will certainly have to design your routing with either peering or a transit gateway. Both ingress and egress routes need to be designed to control the flow of traffic.
Traffic will only route via the network account and not directly.
Concurrently, DNS will need to be part of the central design.
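Both answers describe the same guardrail: internet-facing entry points belong in the network account, and workload VPCs should reach the internet only through routes that pass through it (transit gateway or peering), never through their own internet gateway. The following is an added example, not code from the answers above or from AWS; it runs offline against constructed records shaped like the output of boto3's `elbv2.describe_load_balancers()` and `ec2.describe_route_tables()`, and the account IDs, resource IDs and the `NETWORK_ACCOUNT` constant are assumptions. It flags two things: internet-facing load balancers owned by any account other than the network account, and default routes in workload VPCs that point straight at an internet gateway.

```python
"""Offline audit for the "public resources live in the network account" pattern.

Added example (not from the re:Post answers). The records below are constructed
to match the JSON shapes boto3 returns, so no AWS credentials are needed; swap in
the real API responses to run it against an account.
"""
from dataclasses import dataclass

NETWORK_ACCOUNT = "111111111111"  # assumed ID of the central network account


@dataclass(frozen=True)
class Finding:
    account: str
    resource: str
    reason: str


def find_public_albs_outside_network_account(load_balancers, network_account=NETWORK_ACCOUNT):
    """Flag internet-facing load balancers owned by any account other than the network account."""
    findings = []
    for lb in load_balancers:
        # ARN format: arn:aws:elasticloadbalancing:<region>:<account-id>:loadbalancer/...
        account = lb["LoadBalancerArn"].split(":")[4]
        if lb.get("Scheme") == "internet-facing" and account != network_account:
            findings.append(Finding(account, lb["LoadBalancerName"],
                                    "internet-facing load balancer outside the network account"))
    return findings


def find_direct_internet_routes(route_tables, network_account=NETWORK_ACCOUNT):
    """Flag default routes (0.0.0.0/0 or ::/0) in workload accounts that target an internet gateway.

    In the hub-and-spoke design from the answers, a workload VPC's default route goes to a
    transit gateway (TransitGatewayId) or a peering connection, not to an igw- of its own.
    """
    findings = []
    for rt in route_tables:
        account = rt["OwnerId"]
        if account == network_account:
            continue  # the hub is allowed to own the internet gateway
        for route in rt.get("Routes", []):
            dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
            if dest not in ("0.0.0.0/0", "::/0"):
                continue
            gateway = route.get("GatewayId", "")
            if gateway.startswith("igw-"):
                findings.append(Finding(account, rt["RouteTableId"],
                                        f"default route {dest} goes directly to {gateway}"))
    return findings


# Constructed sample data (assumed account and resource IDs)
SAMPLE_LBS = [
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-1:111111111111:loadbalancer/app/ingress-alb/abc",
     "LoadBalancerName": "ingress-alb", "Scheme": "internet-facing"},   # in the network account: fine
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-1:222222222222:loadbalancer/app/shop-alb/def",
     "LoadBalancerName": "shop-alb", "Scheme": "internet-facing"},      # public ALB in a workload account
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-1:222222222222:loadbalancer/app/api-alb/ghi",
     "LoadBalancerName": "api-alb", "Scheme": "internal"},              # internal: fine
]
SAMPLE_ROUTE_TABLES = [
    {"OwnerId": "222222222222", "RouteTableId": "rtb-good", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-0123456789abcdef0"}]},
    {"OwnerId": "222222222222", "RouteTableId": "rtb-bad", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"}]},
    {"OwnerId": "111111111111", "RouteTableId": "rtb-hub", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0fedcba9876543210"}]},
]


if __name__ == "__main__":
    findings = (find_public_albs_outside_network_account(SAMPLE_LBS)
                + find_direct_internet_routes(SAMPLE_ROUTE_TABLES))
    for f in findings:
        print(f"[{f.account}] {f.resource}: {f.reason}")
```

On the sample data this reports `shop-alb` (an internet-facing ALB owned by a workload account) and `rtb-bad` (a workload route table whose default route bypasses the transit gateway); `ingress-alb` and `rtb-hub` are accepted because they belong to the network account, which is exactly where the answers say public ingress and egress should live.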