18
votes

For example, I have a main company AWS account, one with security group-xxxxx. Now I have my personal AWS account with security group-yyyyy. The accounts are not related at all. Can I add/accept group-yyyyy into group-xxxxx, thereby allowing my personal instances to access the company's instances?


4 Answers

47
votes

You can use the web UI to add

other-aws-account-id/account-security-group-id

i.e.

951413000000/sg-deadbeef as the source

14
votes

For people looking for a solution to this question now, it is possible for security groups to be referenced across accounts if their VPC is peered. It's a new feature from AWS! Cheers

Link to article

3
votes

I know this is quite old, but I found an even older AWS Developer Forums topic which discusses this and it seems possible with the EC2 API tools by using the ec2-authorize command (e.g., ec2-authorize your-account-security-group-id -P tcp -p 10050 -u other-aws-account-id -o other-account-security-group-id). I've not yet tested it, but I will and then post my results here.

1
votes

You can't do this with Security Groups in VPCs, and since you can't make Security Groups that aren't in VPCs anymore (at least I can't see how), I don't believe this is possible anymore.

You have to look at VPC peering connections, but that's way over my head.
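
An added example, not part of any answer above and not AWS's own code: a defender-side audit that lists ingress rules whose source is a security group owned by another account, the account-id/sg-id form shown in the first answer. The JSON is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the account IDs, group IDs, peering ID and the `trusted_accounts` allowlist are assumptions.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# All account, group and peering ids are placeholders, not real resources.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-xxxxx", "OwnerId": "111111111111", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 10050, "ToPort": 10050,
     "UserIdGroupPairs": [
       {"UserId": "951413000000", "GroupId": "sg-deadbeef",
        "VpcPeeringConnectionId": "pcx-00000000", "PeeringStatus": "active"},
       {"UserId": "111111111111", "GroupId": "sg-internal"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [
       {"UserId": "222222222222", "GroupId": "sg-yyyyy"}]}]}
]}
""")


def cross_account_refs(doc, trusted_accounts=()):
    """Return ingress rules whose source group is owned by another account."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        owner = sg["OwnerId"]
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # IpProtocol "-1" means all protocols and ports; no port fields are present.
            ports = "all" if proto == "-1" else f'{perm.get("FromPort")}-{perm.get("ToPort")}'
            for pair in perm.get("UserIdGroupPairs", []):
                src_account = pair.get("UserId")
                if src_account in (None, owner):
                    continue  # reference to a group in the same account
                findings.append({
                    "group": sg["GroupId"],
                    "source": f'{src_account}/{pair.get("GroupId")}',
                    "protocol": proto,
                    "ports": ports,
                    "peering": pair.get("VpcPeeringConnectionId"),
                    "peering_status": pair.get("PeeringStatus"),
                    "trusted": src_account in trusted_accounts,
                })
    return findings


if __name__ == "__main__":
    for f in cross_account_refs(SAMPLE, trusted_accounts={"951413000000"}):
        flag = "ok" if f["trusted"] else "REVIEW"
        print(f'{flag:6} {f["group"]} <- {f["source"]} {f["protocol"]}/{f["ports"]} '
              f'peering={f["peering"]} ({f["peering_status"]})')
```

Run against the real output of describe-security-groups, any row marked REVIEW is an inbound trust on an account that is not on the allowlist.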