How to Config Temporal Server with public access by different environment workers

Our business runs inside different clouds, they can only access each other with public
ip addresses(we have config ACL for safety). Now we want to run one Temporal cluser inside
one cloud then provide centralized rings service here, other cloud runs only workers connected to
this cluster.

I’m not sure how to config this Temporal cluster for public access, take bellow as example:
for port 7233,7234,7235,7239, can I just create SLB with public ip address, then set bellow
EC2 ip(port) as upstream?

$ ./tctl adm cl d
{
  "supportedClients": {
    "temporal-cli": "\u003c2.0.0",
    "temporal-go": "\u003c2.0.0",
    "temporal-java": "\u003c2.0.0",
    "temporal-server": "\u003c2.0.0"
  },
  "serverVersion": "1.4.1",
  "membershipInfo": {
    "currentHost": {
      "identity": "172.18.0.3:7233"
    },
    "reachableMembers": [
      "172.18.0.3:6935",
      "172.18.0.3:6934",
      "172.18.0.3:6933",
      "172.18.0.3:6939"
    ],
    "rings": [
      {
        "role": "frontend",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7233"
          }
        ]
      },
      {
        "role": "history",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7234"
          }
        ]
      },
      {
        "role": "matching",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7235"
          }
        ]
      },
      {
        "role": "worker",
        "memberCount": 1,
        "members": [
          {
            "identity": "172.18.0.3:7239"
          }
        ]
      }
    ]
  }
}

this question is kind of like:
can we config temporal cluster service nodes with public ip adress , like kafka cluster with config:
advertised.listeners

Let me rephrase the question to make sure I understood it correctly.
You want to run temporal backend in one cloud and be able to connect to it using public IP from the other cloud?
If so what you want is just setup a load balancer with public IP (or public DNS record), put temporal frontend behind it and point workers to the public address that you’ve created. You shouldn’t need to change the way temporal ring is configured internally as backend would not care which way calls are routed to it.

So the clients no need to aware the temporal ring behind it? that will be greate.