How do you build APIs that consume cross-account resources (and do it securely)?

Operating multiple accounts is an AWS best practice — it helps shard your work, distribute limits, and better segment your environments. It can be challenging to build APIs that consume resources in different accounts, but you have a few options:

  1. Use VPC peering or Transit Gateway to enable communication between two private VPCs.
  2. Expose your services publicly and allow resources in other accounts and VPCs to consume them. Add security to prevent unauthorized use.