AWS security groups between accounts

0
votes

We have two AWS accounts, one for dev and another for prod. Long story short we have a singular database used by services in both accounts which is in prod account. The problem arises when dev services try to access database in prod. Currently, we just add dev services IPs to prod database security group, but that's no longer an option. Is there a way to add dev services security group to prod database security group (cross account)?

1
securityamazon-web-services
This has already been answered on Server Fault: serverfault.com/a/655124/184431Anthony Neace
Thanks for a fast response, however the database and other services are on different VPC and the suggested solution is not applicableDainius Kavoliūnas

1 Answers

4
votes

It's possible to peer the two VPCs across two accounts so long as the CIDRs don't conflict with each other, and they are in the same region.

It will require to add to your route tables in the respective VPCs, and you should check the guide on AWS Docs for a full rundown. Theoretically, you should then be able to add the peered CIDR block to your security group for your database once they are routed correctly (I say theoretically because I've never actually done this, I just know that it's supposed to exist).