How to "allow another account's security group" in AWS
My name is Ito and I am an infrastructure engineer.
You may be running more than one AWS account.
There are many possible reasons for this, such as an internal request...
Do you have separate AWS accounts for some reason, but still need them to talk to each other?
If the two sides are connected with VPC Peering, it is fine to simply
allow the other side's network CIDR.
However, an ELB has no internal IP address you can pin down, so you
will need to allow its security group instead.
Likewise, when allowing EC2 instances in an Auto Scaling group under a specific subnet,
even if you allow the individual IP addresses, an instance launched by autoscaling
may come up with an IP address that the security group does not allow.
In such cases, you need to allow the security group rather than the addresses.
So, here's how to allow "another account's security group" in a security group.
The format looks like this:
<Account ID>/<Group ID>
That is really the whole answer:
in the security group you want to add the rule to, specify the source as "Account ID/Group ID".
You can check your account ID at the top right of the AWS console.
(The screenshot is blacked out, but it's the 12-digit number shown next to "Account".)
You can check the group ID under Security Groups.
(This one is blacked out too, but it's the ID that starts with "sg-".)
By joining these two with "/", you can allow (or deny) a security group from a different account.
The result looks like this.
(Again, everything in the screenshot is blacked out.)
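The same "Account ID/Group ID" rule can be added from the AWS CLI or the EC2 API instead of the console. The example below is an added one (not from the original post): it validates a reference in that format, turns it into the UserIdGroupPairs entry the EC2 API expects, and renders the matching aws ec2 authorize-security-group-ingress command without executing anything. The account and group IDs are constructed sample values, and it assumes the two VPCs are already peered.

```python
import json
import re
import shlex

# The format the post describes: "<Account ID>/<Group ID>".
# A 12-digit account ID, a "/", then an "sg-" ID (8 or 17 hex chars).
CROSS_ACCOUNT_SG = re.compile(r"^(?P<account>\d{12})/(?P<group>sg-[0-9a-f]{8,17})$")


def parse_cross_account_sg(ref: str) -> dict:
    """Turn '123456789012/sg-0123456789abcdef0' into the UserIdGroupPairs
    entry used by the EC2 API. Raises ValueError on anything that is not
    a 12-digit account ID followed by a security-group ID."""
    m = CROSS_ACCOUNT_SG.match(ref.strip())
    if not m:
        raise ValueError(f"not an <Account ID>/<Group ID> reference: {ref!r}")
    return {"UserId": m.group("account"), "GroupId": m.group("group")}


def ingress_permission(ref: str, port: int, protocol: str = "tcp") -> dict:
    """One IpPermissions element that allows `port` from the referenced group
    (the other account's ELB or Auto Scaling group, for example)."""
    return {
        "IpProtocol": protocol,
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [parse_cross_account_sg(ref)],
    }


def authorize_command(target_group: str, ref: str, port: int) -> str:
    """Render the AWS CLI call that adds the rule to `target_group`, the
    security group in your own account. Nothing is executed here."""
    permissions = json.dumps([ingress_permission(ref, port)])
    return (
        "aws ec2 authorize-security-group-ingress "
        f"--group-id {target_group} --ip-permissions {shlex.quote(permissions)}"
    )


if __name__ == "__main__":
    # Constructed sample values, not real account or group IDs.
    print(authorize_command("sg-0fedcba987654321", "123456789012/sg-0123456789abcdef0", 443))
```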