How to "allow another account's security group" in AWS

AWS

My name is Ito and I am an infrastructure engineer.

You may be using multiple AWS accounts.
I think there are many reasons for this, such as an internal request.

Are your AWS accounts separate for some reason, but you still want resources in them to communicate with each other?

If the two sides are connected using VPC Peering,
it is enough to allow the CIDR of the other side's network.
However, in the case of ELB, there is no internal IP address, so you
will need to allow its security group instead.

Additionally, when allowing EC2 instances in an Auto Scaling group under a specific subnet,
even if you allow individual IP addresses, the instances added by Auto Scaling
may come up with IP addresses that the security group does not allow.
In such cases, too, you will need to allow the security group.

So, here's how to allow "another account's security group" in the security group.

Conceptually, it looks like this.

<Account ID>/<Group ID>

To give the answer first:
specify the security group you want to allow in the form "Account ID/Group ID".
You can check the account ID at the top right of the AWS console.
It is blacked out in the screenshot, but it is the 12-digit number labeled "Account".

You can check the group ID under Security Groups.
This is also blacked out, but it is the ID that starts with "sg-".

By joining these two with "/", you can allow (or deny) security groups that belong to a different account.

It looks like this.
The screenshot is mostly blacked out.
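The same rule can be added from the command line. The following is an added example, not part of the original article: it validates an "Account ID/Group ID" string and turns it into the `UserIdGroupPairs` form that `aws ec2 authorize-security-group-ingress` accepts. The function names, the `DRY_RUN` switch, and all IDs are assumptions made for illustration, and it assumes the VPCs are connected with VPC Peering as described above.

```sh
#!/bin/sh
# Added example: build an ingress rule from "<Account ID>/<Group ID>".
# Every ID used here is a constructed placeholder.

# Print the --ip-permissions JSON for one TCP port, or fail on a malformed reference.
build_peer_sg_permission() {
  ref="$1"; port="$2"
  case "$ref" in */*) ;; *) echo "expected <Account ID>/<Group ID>" >&2; return 1 ;; esac
  account="${ref%%/*}"; group="${ref#*/}"; hex="${group#sg-}"

  # Account ID: exactly 12 digits.
  case "$account" in *[!0-9]*) echo "bad account ID" >&2; return 1 ;; esac
  [ "${#account}" -eq 12 ] || { echo "bad account ID" >&2; return 1; }

  # Group ID: "sg-" followed by 8 or 17 lowercase hex characters.
  case "$group" in sg-*) ;; *) echo "bad group ID" >&2; return 1 ;; esac
  case "$hex" in *[!0123456789abcdef]*) echo "bad group ID" >&2; return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ] || { echo "bad group ID" >&2; return 1; }

  # Port: 1-65535 with no leading zero.
  case "$port" in ''|0*|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
  { [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]; } || { echo "bad port" >&2; return 1; }

  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"UserIdGroupPairs":[{"UserId":"%s","GroupId":"%s"}]}]' \
    "$port" "$port" "$account" "$group"
}

# Allow the other account's group into our group $1 (prints the command unless DRY_RUN=0).
allow_peer_sg() {
  perms="$(build_peer_sg_permission "$2" "$3")" || return 1
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf "aws ec2 authorize-security-group-ingress --group-id %s --ip-permissions '%s'\n" "$1" "$perms"
  else
    aws ec2 authorize-security-group-ingress --group-id "$1" --ip-permissions "$perms"
  fi
}

# Dry run with constructed IDs: a group in account 123456789012 -> our group on port 8080.
allow_peer_sg sg-0a1b2c3d '123456789012/sg-0123456789abcdef0' 8080
```

Checking the account ID against the account you expect before running with `DRY_RUN=0` keeps a mistyped reference from becoming a rule.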
