Reputation: 877
Background
My company has bought a SaaS product which is hosted on the vendor's AWS environment. The product has a website dashboard which is currently only accessible within the vendor's AWS environment. Access to the vendor's AWS environment is tightly controlled by the vendor.
Right now my users are able to access that dashboard by using Amazon Workspaces provisioned by the vendor. However, the Workspaces have a limited number of accounts for my company. My company would like to make this dashboard widely accessible within my company and not restricted by the number of Workspaces accounts.
Question
My company has our own AWS account as well, but it is currently not linked to the vendor's VPC/AWS environment at all. Can we build something in our own AWS (probably with a PrivateLink to the vendor's VPC?) such that my users can securely access the vendor's dashboard via our own AWS environment? If there's a possible way to do this, what are the AWS services required on both sides?
My objective is to ensure this dashboard is not exposed to the Internet and yet all my company's users can view it without having Workspace credentials.
Upvotes: 3
Views: 389
Reputation: 2639
If I understood your question correctly, what you are looking for looks a lot like "How can I access an API Gateway private REST API in another AWS account using an interface VPC endpoint?". The link includes the steps to get access to a private REST endpoint in another account.
It uses VPC interface endpoints, which are themselves built on top of PrivateLink.
You may also have a look at Endpoint Service, which contains some more scenarios.
Upvotes: 1
Reputation: 35188
As per your comment, you would want to use AWS PrivateLink to accomplish this problem.
By doing this, the only resource shared between them is an endpoint to access the service.
This would be accessible over VPN too, which should grant you access on your on-premises network.
Upvotes: 1
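Added example, not part of the answers above and not the vendor's or AWS's own template: a CloudFormation sketch of both sides of the PrivateLink setup the answers describe. It assumes the vendor fronts the dashboard with an internal Network Load Balancer (PrivateLink endpoint services require one) and serves it over HTTPS on port 443; all parameter names, the account ID, the service name and the CIDR range are placeholders.

```yaml
# Template 1: deployed by the vendor (service provider) in the vendor's account.
# Assumption: the dashboard is already reachable through an internal NLB.
Parameters:
  DashboardNlbArn: {Type: String}      # placeholder: ARN of the vendor's internal NLB
  CustomerAccountId: {Type: String}    # placeholder: our 12-digit AWS account ID
Resources:
  DashboardEndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns: [!Ref DashboardNlbArn]
      AcceptanceRequired: true         # vendor approves each connection request
  DashboardEndpointPermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref DashboardEndpointService
      AllowedPrincipals:               # only our account may request a connection
        - !Sub arn:aws:iam::${CustomerAccountId}:root
---
# Template 2: deployed separately in our own (consumer) account.
Parameters:
  VendorServiceName: {Type: String}    # com.amazonaws.vpce.<region>.vpce-svc-..., supplied by the vendor
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  CorporateCidr: {Type: String, Default: "10.0.0.0/8"}  # constructed value: VPN / on-premises range
Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to the vendor dashboard endpoint from the corporate network only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref CorporateCidr
  DashboardEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface       # interface endpoints are the PrivateLink consumer side
      ServiceName: !Ref VendorServiceName
      VpcId: !Ref VpcId
      SubnetIds: !Ref SubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
```

With `AcceptanceRequired: true`, the consumer endpoint stays in a pending state until the vendor accepts the connection request. The security group on the endpoint is what limits which of our internal networks can reach the dashboard, so it should list only the VPN and office ranges that need it.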