I have two AWS accounts. In AWS "Account A", I have some EC2 instances running. In AWS "Account B", I have an EKS cluster running some pods, which are accessible through an Internet-facing Application Load Balancer Ingress installed in the Kubernetes cluster.

Do I enable VPC peering between these two accounts' VPCs? If so, how do I whitelist the IP / CIDR range in the "Account B" ALB's Security Group to allow access from "Account A"?

Currently the ALB's security group inbound is updated with only the IP range of the internal VPN service we use, and it is perfectly accessible from anywhere within the organization's infrastructure; however, I'm unable to access the ALB from other AWS accounts.

imli

1 Answer

Yes, VPC peering is a valid solution for your use case as long as the CIDR ranges of the two VPCs do not overlap.

> If so, how do I whitelist the IP / CIDR range in the "Account B" ALB's Security Group to allow access from "Account A"?

Once the peering is in place, simply whitelist the CIDR of the VPC from account A in the security group of account B.

Paolo
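The precondition and the rule described in the answer above, as an added example that is not part of the original answer: it checks that the two VPC CIDRs do not overlap and builds the `IpPermissions` structure accepted by boto3's `authorize_security_group_ingress`. The CIDR values, port 443, the function name and the security group placeholder are assumptions, as is the premise that Account A's traffic reaches the ALB over the peering connection with its private source addresses.

```python
import ipaddress

# RFC 1918 ranges; a VPC CIDR used as an allow-list source should sit inside one.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def peering_ingress_rule(vpc_a_cidr, vpc_b_cidr, port=443):
    """Build the inbound rule for Account B's ALB security group.

    vpc_a_cidr: CIDR of the VPC in Account A (the source to allow).
    vpc_b_cidr: CIDR of the VPC in Account B (where the ALB lives).
    port:       ALB listener port (assumed 443 here).
    Raises ValueError if peering cannot work or the source is too broad.
    """
    a = ipaddress.ip_network(vpc_a_cidr, strict=True)
    b = ipaddress.ip_network(vpc_b_cidr, strict=True)

    # VPC peering requires non-overlapping CIDR blocks.
    if a.overlaps(b):
        raise ValueError(f"{a} overlaps {b}: peering is not possible")

    # Refuse anything that is not a private range (e.g. 0.0.0.0/0),
    # so the rule never opens the ALB wider than the peered VPC.
    if not any(a.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{a} is not a private (RFC 1918) range")

    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{
            "CidrIp": str(a),
            "Description": "Account A VPC via peering",
        }],
    }]


if __name__ == "__main__":
    # Constructed sample CIDRs, not values from the question.
    rule = peering_ingress_rule("10.10.0.0/16", "10.20.0.0/16")
    print(rule)
    # To apply in Account B (security group ID is a placeholder):
    # import boto3
    # boto3.client("ec2").authorize_security_group_ingress(
    #     GroupId="sg-PLACEHOLDER", IpPermissions=rule)
```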