Traffic from Shared services account to Elastic beanstalk?


Hi, I don't want to expose my elasticbeanstalk web application directly from the AWS account it is hosted in, I have a landing zone and a dedicated network account for ingress/egress. I want to host the ALB in my network account and share my TGW using RAM in the elasticbeanstalk account, But not sure how external traffic will be able to reach my elastic beanstalk env.

Shall I add internal ALB in front of elasticbeankstalk because I need end to end SSL also.

1 Answer
Accepted Answer


Yes, you need to add internal ALB. You will route traffic from your TGW to it but also have HA and horizontal scaling for your application. There are many examples available on how to add a centralised firewall with TGW and a separate network account, you can follow them to understand the traffic flow for your ingress.

profile picture
answered 10 months ago
profile picture
reviewed 4 months ago
profile pictureAWS
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions