1 Answer
1
As you have mentioned, AWS PrivateLink is one of the options for your scenario.
To use AWS PrivateLink, create a Network Load Balancer for your application in your VPC/Account B, and create a VPC endpoint service configuration pointing to that load balancer. A service consumer then creates an interface endpoint to your service. This creates an elastic network interface (ENI) in your subnet with a private IP address that serves as an entry point for traffic destined to the service. The consumer and service are not required to be in the same VPC/Account A.
Refer to
https://aws.amazon.com/blogs/compute/architecture-patterns-for-consuming-private-apis-cross-account/
Answered 10 months ago
I don't think you read my question. It's from a public API Gateway to an existing private NLB in another account.
I posted the generic architecture patterns for AWS PrivateLink which also included patterns for Public API Gateway accessing Private Endpoint in another account. In terms of your attempted solution, since the exposing service is Internal NLB, consuming account has to have either ALB or NLB within VPC. As you might know already, a major benefit of this approach is that network traffic stays within the Amazon network and does not traverse the public internet. This reduces attack vectors and improves the security posture.
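The pattern described in the answer and its follow-up (endpoint service in front of the existing NLB in Account B, an interface endpoint plus a consumer-side NLB in Account A, and an API Gateway VPC link to that NLB) as a worked Terraform example. This is an added illustration, not code from the re:Post answer or from AWS; the account IDs, CIDR, ports, variable names and resource names are placeholders, and the linked blog post remains the authoritative description of the architecture.

```hcl
# Added example (not from the re:Post answer): public API Gateway in Account A
# reaching a private NLB in Account B over PrivateLink. All IDs/CIDRs are placeholders.

provider "aws" {
  alias  = "service"  # Account B: owns the existing internal NLB
  region = "us-east-1"
}

provider "aws" {
  alias  = "consumer" # Account A: owns the public API Gateway
  region = "us-east-1"
}

variable "service_nlb_arn"     { description = "ARN of the existing internal NLB in Account B (placeholder)" }
variable "consumer_account_id" { description = "Account A ID (placeholder, e.g. 111111111111)" }
variable "consumer_vpc_id"     { description = "Account A VPC ID (placeholder)" }
variable "consumer_subnet_ids" { type = list(string) } # one per AZ, placeholder

# ---------- Account B: expose the NLB as an endpoint service ----------
resource "aws_vpc_endpoint_service" "backend" {
  provider                   = aws.service
  network_load_balancer_arns = [var.service_nlb_arn]
  # Explicit principal allow-list plus manual acceptance: only Account A can
  # request a connection, and each request is reviewed before traffic flows.
  acceptance_required = true
  allowed_principals  = ["arn:aws:iam::${var.consumer_account_id}:root"]
}

# ---------- Account A: interface endpoint into that service ----------
resource "aws_security_group" "endpoint" {
  provider = aws.consumer
  name     = "privatelink-endpoint-sg"
  vpc_id   = var.consumer_vpc_id
  # The endpoint ENIs are the only entry point; restrict who may reach them.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # placeholder: Account A VPC CIDR
  }
}

resource "aws_vpc_endpoint" "backend" {
  provider           = aws.consumer
  vpc_id             = var.consumer_vpc_id
  service_name       = aws_vpc_endpoint_service.backend.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.consumer_subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]
}

# Account B accepts the pending connection from Account A.
resource "aws_vpc_endpoint_connection_accepter" "backend" {
  provider                = aws.service
  vpc_endpoint_service_id = aws_vpc_endpoint_service.backend.id
  vpc_endpoint_id         = aws_vpc_endpoint.backend.id
}

# Private IPs of the endpoint ENIs become the targets of the Account A NLB.
data "aws_network_interface" "endpoint" {
  provider = aws.consumer
  count    = length(var.consumer_subnet_ids)
  id       = tolist(aws_vpc_endpoint.backend.network_interface_ids)[count.index]
}

# ---------- Account A: NLB in front of the endpoint, used by the VPC link ----------
resource "aws_lb" "consumer" {
  provider           = aws.consumer
  name               = "apigw-privatelink-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.consumer_subnet_ids
}

resource "aws_lb_target_group" "endpoint" {
  provider    = aws.consumer
  name        = "privatelink-endpoint-tg"
  port        = 443
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.consumer_vpc_id
}

resource "aws_lb_target_group_attachment" "endpoint" {
  provider         = aws.consumer
  count            = length(var.consumer_subnet_ids)
  target_group_arn = aws_lb_target_group.endpoint.arn
  target_id        = data.aws_network_interface.endpoint[count.index].private_ip
  port             = 443
}

resource "aws_lb_listener" "consumer" {
  provider          = aws.consumer
  load_balancer_arn = aws_lb.consumer.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.endpoint.arn
  }
}

# REST API private integration: the VPC link targets the Account A NLB, so the
# public API Gateway has no path to Account B other than PrivateLink.
resource "aws_api_gateway_vpc_link" "backend" {
  provider    = aws.consumer
  name        = "backend-privatelink"
  target_arns = [aws_lb.consumer.arn]
}
```

The two controls worth checking after apply are the endpoint service's `allowed_principals` (it should list only the consuming account) and the endpoint security group (it should admit only the consumer VPC, since the endpoint ENIs are the sole ingress to the Account B service). Because the consumer-side NLB forwards TCP without terminating it, the backend behind the Account B NLB still sees end-to-end TLS from API Gateway.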