Hello.
The purpose of the network account is to manage inbound and outbound communications.
In other words, if you create a resource that is publicly accessible outside of your network account, you will lose control of your traffic.
So, if you are going to create a public ALB, etc., it would be better to create it in a network account.
https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/network.html
To add to Riku’s answer, in order to achieve this you will certainly have to design your routing with either peering/transit gateway. Both ingress and egress routes need to be designed to control the flow of traffic.
Traffic will only route via the network account and not directly.
Concurrently, DNS will need to be part of the central design.