If you have an EC2 server with a port open, then other EC2 servers can access it (using private IP).
But, what if another AWS account hits that private IP, will they be able to access it?
You can create VPC peering from the other AWS account, so they can reach your instances.
Can you access an EC2 server from another AWS account? By default, no. EC2s created in a VPC (in a private subnet) cannot communicate with anything outside of the VPC.
If you connect your EC2 to a public subnet, give your EC2 a public IP, or connect it to the Internet via a NAT and IGW, you can indeed communicate with an EC2 from outside the VPC.
VPC to VPC communication can also occur with the recent introduction of VPC Peering http://aws.typepad.com/aws/2014/03/new-vpc-peering-for-the-amazon-virtual-private-cloud.html
Today we are making the VPC model even more flexible! You now have the ability to create a VPC peering connection between VPCs in the same AWS Region. Once established, EC2 instances in the peered VPCs can communicate with each other across the peering connection using their private IP addresses, just as if they were within the same network.
You can create a peering connection between two of your own VPCs, or with a VPC in another AWS account. A VPC can have one-to-one peering connections with up to 50 other VPCs in the same Region.
Don't forget to make sure you've allowed for the fire-walling and routing aspects across both accounts:
All EC2 instances within the same VPC will be able to reach the boxes if the security groups permit. If the EC2 instance does not have an elastic/public IP assigned to it, EC2 instances outside the VPC will not be able to reach it.
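The two answers above boil down to three conditions that must all hold before another account can hit your instance's private IP: an accepted (active) peering connection, a route to the peer CIDR in each VPC's route table (routing is not stateful, so the reply path needs its own route), and a security-group rule on the target that admits the source address. The following is an added example, not code from any of the posters or from AWS: a small reachability evaluator over those three pieces, with constructed account ids, VPC ids, CIDRs and a `pcx-` id standing in for real resources. It also encodes one real constraint the quoted announcement does not mention, that peering is refused between VPCs whose CIDR blocks overlap.

```python
# Added example: cross-account private-IP reachability over VPC peering.
# All ids, account numbers and CIDRs below are constructed sample data.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass
class Vpc:
    vpc_id: str
    account_id: str
    cidr: str
    routes: Dict[str, str] = field(default_factory=dict)  # dest CIDR -> target

    def __post_init__(self) -> None:
        self.routes.setdefault(self.cidr, "local")  # every VPC has a local route

@dataclass
class SgRule:
    protocol: str     # "tcp", "udp" or "-1" for all protocols
    from_port: int
    to_port: int
    source_cidr: str  # CIDR this ingress rule admits

@dataclass
class Instance:
    instance_id: str
    vpc: Vpc
    private_ip: str
    ingress: List[SgRule] = field(default_factory=list)

@dataclass
class Peering:
    pcx_id: str
    requester: Vpc
    accepter: Vpc
    status: str = "pending-acceptance"  # "active" once the other account accepts

    def connects(self, a: Vpc, b: Vpc) -> bool:
        return {a.vpc_id, b.vpc_id} == {self.requester.vpc_id, self.accepter.vpc_id}

def create_peering(pcx_id: str, requester: Vpc, accepter: Vpc) -> Peering:
    """Request a peering connection; AWS refuses VPCs whose CIDRs overlap."""
    if ip_network(requester.cidr).overlaps(ip_network(accepter.cidr)):
        raise ValueError(f"{requester.cidr} overlaps {accepter.cidr}")
    return Peering(pcx_id, requester, accepter)

def route_target(vpc: Vpc, dst_ip: str) -> Optional[str]:
    """Longest-prefix match over the VPC route table; None if nothing matches."""
    addr = ip_address(dst_ip)
    matches = [(ip_network(c).prefixlen, t) for c, t in vpc.routes.items()
               if addr in ip_network(c)]
    return max(matches)[1] if matches else None

def sg_admits(dst: Instance, src_ip: str, protocol: str, port: int) -> bool:
    """Security groups are allow-lists: any matching ingress rule admits the flow."""
    addr = ip_address(src_ip)
    for r in dst.ingress:
        proto_ok = r.protocol == "-1" or r.protocol == protocol
        port_ok = r.protocol == "-1" or r.from_port <= port <= r.to_port
        if proto_ok and port_ok and addr in ip_network(r.source_cidr):
            return True
    return False

def reachable(src: Instance, dst: Instance, peerings: List[Peering],
              port: int, protocol: str = "tcp") -> Tuple[bool, str]:
    """Can src reach dst's private IP on protocol/port?  Returns (ok, reason)."""
    if src.vpc.vpc_id != dst.vpc.vpc_id:
        # Forward path: the source VPC needs a route to the peer CIDR via a pcx.
        fwd = route_target(src.vpc, dst.private_ip)
        if fwd is None or not fwd.startswith("pcx-"):
            return False, f"{src.vpc.vpc_id}: no peering route for {dst.private_ip}"
        pcx = next((p for p in peerings if p.pcx_id == fwd), None)
        if pcx is None or not pcx.connects(src.vpc, dst.vpc):
            return False, f"{fwd} does not join {src.vpc.vpc_id} and {dst.vpc.vpc_id}"
        if pcx.status != "active":
            return False, f"{fwd} is {pcx.status}, not active"
        # Return path: routing is not stateful, so the destination VPC needs its
        # own route back to the source CIDR over the same connection.
        if route_target(dst.vpc, src.private_ip) != fwd:
            return False, f"{dst.vpc.vpc_id}: no return route to {src.private_ip}"
    # Peered or not, the destination's security group must admit the source.
    if not sg_admits(dst, src.private_ip, protocol, port):
        return False, f"{dst.instance_id}: SG does not admit {src.private_ip} {protocol}/{port}"
    return True, "reachable"

def build_sample() -> Tuple[Instance, Instance, List[Peering]]:
    """Constructed scenario: the other account peers its VPC into mine."""
    mine = Vpc("vpc-aaaa1111", "111111111111", "10.0.0.0/16")
    theirs = Vpc("vpc-bbbb2222", "222222222222", "10.1.0.0/16")
    pcx = create_peering("pcx-0123abcd", requester=theirs, accepter=mine)
    pcx.status = "active"                      # my account accepted the request
    mine.routes["10.1.0.0/16"] = pcx.pcx_id    # route in my VPC's table
    theirs.routes["10.0.0.0/16"] = pcx.pcx_id  # route in their VPC's table
    server = Instance("i-server", mine, "10.0.1.10",
                      ingress=[SgRule("tcp", 443, 443, "10.1.0.0/16")])
    client = Instance("i-client", theirs, "10.1.5.20")
    return server, client, [pcx]
```

Running `reachable(client, server, peerings, 443)` on the sample returns `(True, "reachable")`; flipping the peering back to `pending-acceptance`, deleting the route in either VPC, or asking for a port the security group does not open each fails with a reason string naming the missing piece, which is the order in which you would check a real peering that "does not work".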