So far I have used a single account for blue-green deployments using an ALB and target groups. My company decided we should use a multi-account setup for enhanced security (separate staging and prod). Great, so I'm now migrating our setup and noticed I can't send traffic from an ALB (or NLB) to a target group that is not in a local VPC. Yes, I can set up VPC sharing, but it kind of defeats the point of resource separation. How do you guys deal with blue-green deployments with LBs in a multi-account setup?

For now I just set up VPC sharing but I'm not sure this is the way it should work.

1 Answer

In your case you can use a VPC peering connection - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html

Please notice that you should have different pools of IP addresses in the two VPCs, otherwise you will have problems setting up routing.

On the other hand, if the number of accounts in your company grows, you can look at TGW (Transit Gateway). You will not have to create a VPC peering connection for each new VPC in another account (also, VPC peering connections don't support multiple VPC peering connections - Multiple VPC peering connections).
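The two constraints the answer mentions (non-overlapping address pools, and a separate peering per VPC pair because peering is not transitive) are easy to check before touching any account. The script below is an added example, not part of the original answer or of any AWS tooling: it takes a constructed inventory of VPC CIDRs (the account names, VPC ids and address ranges are hypothetical), reports CIDR overlaps that would make a peering unroutable, emits the route entries both sides of a peering need, and counts how many peerings a full mesh would require, which is the number TGW spares you.

```python
"""Pre-flight checks for cross-account VPC peering.

Added example (not AWS code): validates that VPC CIDRs do not overlap and
shows the routes each side of a peering connection has to add.
"""
import ipaddress
from itertools import combinations

# Constructed sample inventory: hypothetical VPC ids, accounts and CIDRs.
VPC_INVENTORY = {
    "vpc-0staging0": {"account": "staging", "cidr": "10.10.0.0/16"},
    "vpc-0prod0000": {"account": "prod",    "cidr": "10.20.0.0/16"},
    "vpc-0shared00": {"account": "shared",  "cidr": "10.10.128.0/17"},  # overlaps staging
}


def overlapping_pairs(inventory):
    """Return sorted (vpc_a, vpc_b) pairs whose CIDR blocks overlap.

    AWS does not accept a peering between VPCs with overlapping IPv4 CIDRs,
    so every such pair in the inventory is a peering you cannot build.
    """
    nets = {vpc: ipaddress.ip_network(v["cidr"]) for vpc, v in inventory.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def peering_routes(inventory, vpc_a, vpc_b, pcx_id):
    """Routes both VPCs must add for one peering connection `pcx_id`.

    Returns {vpc_id: [(destination_cidr, target)]}. Each side routes the
    peer's whole CIDR to the peering connection. Raises ValueError when the
    CIDRs overlap, because that peering could never be routed.
    """
    net_a = ipaddress.ip_network(inventory[vpc_a]["cidr"])
    net_b = ipaddress.ip_network(inventory[vpc_b]["cidr"])
    if net_a.overlaps(net_b):
        raise ValueError(f"{vpc_a} ({net_a}) overlaps {vpc_b} ({net_b})")
    return {
        vpc_a: [(str(net_b), pcx_id)],
        vpc_b: [(str(net_a), pcx_id)],
    }


def full_mesh_peerings(vpc_ids):
    """Peering connections needed so every VPC can reach every other one.

    Peering is not transitive, so each communicating pair needs its own
    connection: n * (n - 1) / 2 for n VPCs. This is the number that grows
    quickly and pushes larger multi-account setups toward Transit Gateway.
    """
    n = len(vpc_ids)
    return n * (n - 1) // 2


if __name__ == "__main__":
    print("overlapping CIDRs:", overlapping_pairs(VPC_INVENTORY))
    # "pcx-EXAMPLE" is a placeholder peering connection id, not a real one.
    routes = peering_routes(VPC_INVENTORY, "vpc-0staging0", "vpc-0prod0000", "pcx-EXAMPLE")
    for vpc, entries in routes.items():
        for dest, target in entries:
            print(f"{vpc}: route {dest} -> {target}")
    print("full-mesh peerings for 4 VPCs:", full_mesh_peerings(["a", "b", "c", "d"]))
```

Run the overlap check against the CIDRs of every account before requesting a peering: the shared VPC in the sample overlaps the staging VPC, so that pair can never be peered regardless of which account owns it, while staging and prod peer cleanly with one route in each direction.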