Cross Account EC2 Access from within Amazon Workspace

I have a requirement to setup a bastion host (Amazon Workspace) to connect to an ec2 instance living on a different account.

As Amazon Workspaces cannot assume a role the way EC2s can, A cross account policy cannot be used to setup a link between them.

Both Amazon Workspace and EC2 instance live in their respectve VPC's in separate accounts. Is there a Cross account policy like solution which I can use to link these two?

P.S. I cannot create a Workspace in the same VPC/Account because the directory service is only available in one account but the EC2 which needs to be connected to is in other. Also, the EC2 cannot go public as well.

Use a VPC peering between the two accounts so that your instance from account A will be able to communicate with account B.

This will work if you have different subnet CIDR blocks in the two accounts. If you have the same (i.e. in both VPC, your subnets are in 192.168.0.0/16), then change the one that has the least impact and proceed with a VPC peering.

Finally, you will have to configure your security group to allow the bastion to communicate with the other instance.

Here are more details for AWS VPC peering: VPC peering

StackExchange DevOps Q#11742, answer score: 1