The resource owner of a virtual private cloud (VPC) can share the vSwitches that belong to the VPC with other Alibaba Cloud accounts. After the owner shares a vSwitch with other accounts, the resource users can create cloud resources in the shared vSwitch.

Background information

A VPC owner (resource owner) can share non-default vSwitches with other Alibaba Cloud accounts (resource users). The resource owner and resource users must belong to the same resource directory. A resource directory allows you to create a hierarchical map of relations among resources and facilitates resource management. For more information, see Resource Sharing overview.

After a vSwitch is shared, resource users can use the vSwitch without confirmation by default. Resource users can create cloud resources such as ECS, SLB, and ApsaraDB RDS instances, in the shared vSwitch. Instances created by the resource owner and users in the same VPC can communicate with each other within the VPC by default.Shared VPC diagram

For more information about the operations that can be performed on a shared VPC, see Overview.

Step 1: Enable a resource directory

Resource directories facilitate hierarchical resource management. After you enable a resource directory, you can create a hierarchy map of relations among resources.
Note Make sure that your Alibaba Cloud account has passed the enterprise real-name verification before you enable a resource directory.

Perform the following steps to invite resource users to the resource directory:

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, click Resource Directory.
  3. Click Enable Resource Directory. In the message that appears, click OK.
    After the resource directory is enabled, the system automatically creates a folder named Root, and specifies the current Alibaba Cloud account as the administrator account. The administrator account has full permissions on the resource directory. root
  4. In the upper-right corner of the Resource Directory page, click Invite to invite resource users to the resource directory.
    Only members in the same resource directory can share vSwitches in the VPC. You can also create member accounts for the resource directory. For more information, see Create a member account.
    Note Before you send an invitation, make sure that the following requirements are met:
    • The invited resource user must not have a pending invitation. Otherwise, the resource user must confirm the pending invitation before the resource user can be invited again.
    • The legal entity of the invitee must be the same as that of the inviter. This means that both Alibaba Cloud accounts must use the same legal entity to complete the enterprise real-name verification.
    • The number of invitations sent on the current day cannot exceed 20.
    • The number of resource users in a resource directory cannot exceed 20.

Step 2: Create a resource share

You can create a resource share, and then share vSwitches in the shared VPC with the resource users invited in Step 1. Resource shares are cloud resources. Each resource share has a unique ID and Aliyun Resource Name (ARN). You can group resource shares and add tags to resource shares. For more information, see Resource Sharing overview.

Perform the following steps to create a resource share and share vSwitches in the VPC:

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
  3. In the top navigation bar, select the region where the shared VPC is deployed.
    For more information about regions that support VPC sharing, see Feature and supported regions.
  4. On the Resource Shares tab, click Create Resource Share.
  5. On the Create Resource Share page, set the following parameter and click OK.
    1. Resource Share Name: Enter a name for the resource share.

      The name must be 1 to 50 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    2. Resource Type: Select VSwitch.
    3. Resources: Select the vSwitches that you want to share, and click Add.
    4. Select Shared Target: Enter an Alibaba Cloud account ID, and click Add.
      Note You can share resources with only Alibaba Cloud accounts that belong to the same resource directory.
    5. Click OK.
  6. After you create the resource share, click View Details.
    • If the status of the vSwitch is Associated, the vSwitch is shared. Resource users can create cloud resources in the shared vSwitch after they are invited to the resource directory. For more information, see Resource consumers create cloud resources in shared switches.
    • If the status of the vSwitch is Failed, the system failed to share the vSwitch. Reasons that may cause sharing failures are as listed. You can troubleshoot the errors and try again.
      • The Alibaba Cloud account of the resource user is the same as that of the resource owner. Resource owners are not allowed to share vSwitches with themselves.
      • The number of resource users that share a single VPC has reached 20.
      • The number of resource users that share a single vSwitch in a VPC has reached 20.
      • The number of vSwitches that are shared with a single resource user has reached 10.

If you do not want to share a vSwitch, you can remove the shared vSwitch from the resource share. For more information, see Remove a shared vSwitch. If you delete the resource share, all resource users of the resource share will lose access permissions on the shared resources. The shared resources are not deleted when you delete the resource share.