Networking with Substrate
AWS accounts by themselves often result in too much isolation for a cohesive production system. The addition of IAM roles delivers cross-account access to AWS APIs. Substrate follows this by building on AWS Shared VPCs to offer zero-effort networking between AWS accounts in the same environment. Substrate handles CIDR prefix allocation, cross-region peering, subnetting, and availability zone selection.
When you need to connect two services that are hosted in different AWS accounts, you’re able to do so using EC2 security groups, just like you could when all your infrastructure was jumbled into one account.
No matter what, though, rest assured that Substrate’s network design keeps development and production environments isolated, without so much as an IP route between them.