Hello.
The purpose of the network account is to manage inbound and outbound communications.
In other words, if you create a resource that is publicly accessible outside of your network account, you will lose control of your traffic.
So, if you are going to create a public ALB, etc., it would be better to create it in a network account.
https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html
To add to Riku’s answer, in order to achieve this you will certainly have to design your routing with either peering/transit gateway. Both ingress and egress routes need to be designed to control the flow of traffic.
Traffic will only route via the network account and not directly.
Concurrently, DNS will need to be part of the central design.
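
The routing point in the answers above can be checked mechanically. The following is an added example, not part of the original posts: it scans route tables for active routes in workload accounts that target an internet gateway, NAT gateway or egress-only internet gateway instead of going through the network account. The account IDs, resource IDs and sample data are constructed, and treating those three target types as "direct" paths is an assumption of this sketch.

```python
# Added example: flag routes that leave a VPC without passing the network account.
NETWORK_ACCOUNT_ID = "111111111111"  # constructed placeholder account ID

# Constructed sample shaped like EC2 DescribeRouteTables output, merged across accounts.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0aaa", "OwnerId": "222222222222", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "TransitGatewayId": "tgw-0123", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb", "OwnerId": "333333333333", "Routes": [
        {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb", "State": "active"}]},
    {"RouteTableId": "rtb-0ccc", "OwnerId": "333333333333", "Routes": [
        {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0ccc", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ccc", "State": "blackhole"}]},
    {"RouteTableId": "rtb-0ddd", "OwnerId": NETWORK_ACCOUNT_ID, "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ddd", "State": "active"}]},
]

# Assumption: these targets send traffic out locally rather than via the network account.
DIRECT_TARGETS = (("GatewayId", "igw-"), ("NatGatewayId", "nat-"),
                  ("EgressOnlyInternetGatewayId", "eigw-"))


def direct_target(route):
    """Return the locally attached gateway ID a route points at, or None."""
    for key, prefix in DIRECT_TARGETS:
        value = route.get(key) or ""
        if value.startswith(prefix):
            return value
    return None


def find_bypass_routes(route_tables, network_account_id=NETWORK_ACCOUNT_ID):
    """List (owner, route table, destination, target) for active direct routes
    in any account other than the network account."""
    findings = []
    for table in route_tables:
        if table.get("OwnerId") == network_account_id:
            continue  # internet gateways are expected in the network account
        for route in table.get("Routes", []):
            target = direct_target(route)
            if target and route.get("State") == "active":
                dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                findings.append((table["OwnerId"], table["RouteTableId"], dest, target))
    return findings


if __name__ == "__main__":
    for owner, rtb, dest, target in find_bypass_routes(SAMPLE_ROUTE_TABLES):
        print(f"{owner} {rtb}: {dest} -> {target} bypasses the network account")
```

Routes through a transit gateway or peering connection are not flagged, since those are the paths the answers describe for reaching the network account.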