Creates a secure connection between the PRODUCTION
and the INTERNAL
accounts for the applications deployed on a EC2 instance.
The diagram below shows the setup:
PENDING IMAGE
The bridge-nlb
contains a Listener attached to the EC2 Instance services on the 80 port.
The bridge-service
is a VPC Endpoint Service that links with the NLB and allows connections from the INTERNAL
accoount.
On the INTERNAL
account, there is a VPC Endpoint, bridge-endpoint
that creates an endpoint from the service on the PRODUCTION
account.
A Route 53 component contains records for each region just to provide a friendly DNS name for the services installed on the EC2 Instance services on the PRODUCTION
account.
On the PRODUCTION
side (source):
- VPC Id
- Subnet Ids
- Instance Id
- Service Allowed Principal ARN (Target Account)
On the INTERNAL
side (target):
- VPC Id
- Subnet Ids
- Hosted Zone Id