Hello.
Transit Gateway cannot refer to security groups in another VPC.
To reference a security group in another VPC, you will need to configure VPC peering.
Therefore, if you are using Transit Gateway, you should set the CIDR of VPC A, where the load balancer is located, as the source IP address range instead of referring to the security group.
https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html
When migrating from VPC peering to use a transit gateway, consider the following:
- A transit gateway does not support security group referencing.
Security groups can be referenced if the VPCs are peered and are in the same region.
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
Hi,
Did you properly reference the security group from the remote account: see https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html
The peer VPC can be a VPC in your account, or a VPC in another AWS account. To reference a security group in another AWS account, include the account number in the Source or Destination field; for example, 123456789012/sg-1a2b3c4d.
Best,
Didier
Is there any recommendation what to use in this case?
You have to use IP address CIDRs in the SG rule.
As @Gary says, you need to specify the CIDR of the VPC where the load balancer is located in the inbound rule of the security group set for the ECS container.
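The rules the answers and comments above spell out (a transit gateway cannot resolve a security-group reference, peering in the same region can, and a cross-account reference is written as ACCOUNT/sg-id) can be encoded as a small pre-deployment check. This is an added example, not code from AWS or from anyone in this thread; the VPC CIDR, security-group ID and account number are constructed placeholders.

```python
"""Build or check the ECS task security group's ingress rule for traffic
from a load balancer in another VPC, picking the source form the
connectivity model supports. Placeholder values are constructed."""

LB_VPC_CIDR = "10.0.0.0/16"        # VPC A, where the load balancer lives (placeholder)
LB_SG_ID = "sg-0123456789abcdef0"  # load balancer's security group (placeholder)
LB_ACCOUNT_ID = "123456789012"     # account that owns VPC A (placeholder)


def ecs_ingress_rule(connectivity: str, same_region: bool, port: int = 8080) -> dict:
    """Return a boto3-style IpPermission for the ECS task security group.

    connectivity is "peering" or "transit-gateway". A transit gateway does
    not support security-group referencing, so the source must be the
    load balancer VPC's CIDR. Peering allows a security-group reference
    only when both VPCs are in the same region; across accounts the
    reference carries the owning account as UserId (ACCOUNT/sg-id form).
    """
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if connectivity == "peering" and same_region:
        perm["UserIdGroupPairs"] = [{"GroupId": LB_SG_ID, "UserId": LB_ACCOUNT_ID}]
    elif connectivity in ("peering", "transit-gateway"):
        perm["IpRanges"] = [{"CidrIp": LB_VPC_CIDR,
                             "Description": "LB VPC CIDR (SG reference not possible)"}]
    else:
        raise ValueError(f"unknown connectivity model: {connectivity}")
    return perm


def check_existing_rule(perm: dict, connectivity: str, same_region: bool) -> list:
    """Flag an ingress rule whose security-group source will never match."""
    problems = []
    if perm.get("UserIdGroupPairs"):
        if connectivity == "transit-gateway":
            problems.append("SG reference over a transit gateway is never matched; use the LB VPC CIDR")
        elif not same_region:
            problems.append("SG reference across peered VPCs in different regions; use the LB VPC CIDR")
    if not perm.get("UserIdGroupPairs") and not perm.get("IpRanges"):
        problems.append("rule has no source at all")
    return problems
```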