By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Traffic from Shared services account to Elastic beanstalk?

0

Hi, I don't want to expose my elasticbeanstalk web application directly from the AWS account it is hosted in, I have a landing zone and a dedicated network account for ingress/egress. I want to host the ALB in my network account and share my TGW using RAM in the elasticbeanstalk account, But not sure how external traffic will be able to reach my elastic beanstalk env.

Shall I add internal ALB in front of elasticbeankstalk because I need end to end SSL also.

Topics
ComputeNetworking & Content DeliveryAWS Well-Architected Framework
Tags
AWS Elastic BeanstalkElastic Load BalancingAWS Transit GatewaySecurityNetwork Load Balancer
Language
English
profile picture
Chirag Nayyar
asked 7 months ago286 views
1 Answer
2
Accepted Answer

Hi,

Yes, you need to add internal ALB. You will route traffic from your TGW to it but also have HA and horizontal scaling for your application. There are many examples available on how to add a centralised firewall with TGW and a separate network account, you can follow them to understand the traffic flow for your ingress. https://medium.com/@deepikakhalarka/traffic-patterns-with-centralized-inspection-using-firewall-appliances-aws-cloud-23cbec8f4b78

profile picture
EXPERT
Dmytro Sirant
answered 7 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content