Allow communication between EC2 instances running under different AWS Accounts

Question

Hello,

I am trying to setup SSO between an EC2 instance running Gitlab and an EC2 instance with Active Directory following this documentation : "https://docs.gitlab.com/ee/ci/cloud_services/aws/".
I have tried to add our Gitlab address in IAM Identity Providers but I have this message "could not connect to openid configuration of provider".

The issue, I think, is that our Active Directory EC2 instance is running under a different account than our Gitlab EC2 instance. 
Also, our Gitlab EC2 instance is registered in a private zone in Route 53 , under this different account.

Do you know how we can allow communication between EC2 instances running under different account ?

Rémi

Answer

I think that the key here is that you're using a private zone in Route 53 - SSO requires that the identity provider be public and that means being publicly resolvable **and** having a publicly accessible endpoint.

As far as different accounts go: Most networking components in AWS are account-agnostic once connectivity is established between them. For private networks that means things like VPC Peering, Transit Gateway and other mechanisms. For publicly accessible services accounts don't matter at all.

Allow communication between EC2 instances running under different AWS Accounts

관련 콘텐츠