The owner (resource owner) of a virtual private cloud (VPC) can share the vSwitches that belong to the VPC with other Alibaba Cloud accounts (resource users). After the vSwitch is shared, resource users can create cloud resources in the shared vSwitch.

Background information

A VPC owner (resource owner) can share non-default vSwitches with other Alibaba Cloud accounts (resource users). The resource owner and resource users must belong to the same resource directory. A resource directory allows you to create a hierarchical map of relations among resources and facilitates resource management. For more information, see Resource sharing overview.

After a vSwitch is shared, resource users can use the vSwitch without confirmation by default. Resource users can create cloud resources such as ECS, SLB, and ApsaraDB RDS instances, in the shared vSwitch. Instances created by the resource owner and users in the same VPC can communicate with each other within the VPC by default.Shared VPC diagram

For more information about the operations that can be performed on a shared VPC, see Overview.

Step 1: Enable a resource directory

Resource directories facilitate hierarchical resource management. After you enable resource directory, you can create a hierarchy map of relations among resources.
Note Make sure that your Alibaba Cloud account has passed the enterprise real-name verification before you enable a resource directory.

Perform the following steps to invite resource users to the resource directory:

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, click Resource Directory.
  3. Click Enable Resource Directory. In the dialog box that appears, click OK.
    After the resource directory is enabled, the system automatically creates a folder named Root, and specifies the current Alibaba Cloud account as the administrator account. The administrator account has full permissions on the resource directory.root
  4. In the upper-right corner of the Resource Directory page, click Invite to invite resource users to the resource directory.
    Only members in the same resource directory can share vSwitches in the VPC. You can also create member accounts for the resource directory. For more information, see Create a member account.
    Note Before you send an invitation, make sure that the following requirements are met:
    • The invited resource user must not have a pending invitation. Otherwise, the resource user must confirm the pending invitation before the resource user can be invited again.
    • The legal entity of the invitee must be the same as that of the inviter. This means that both Alibaba Cloud accounts must use the same legal entity to complete the enterprise real-name verification.
    • You can send at most 20 invitations on a daily basis.
    • The number of resource users in a resource directory cannot exceed 20.

Step 2: Create a resource share

You can create a resource share, and then share vSwitches in the shared VPC with the resource users invited in Step 1. Resource shares are cloud resources. Each resource share has a unique ID and Aliyun Resource Name (ARN). You can group a resource share and add tags to a resource share. For more information, see Resource sharing overview.

Perform the following steps to create a resource share and share vSwitches in the VPC:

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
  3. In the top navigation bar, select the region where the VPC to be shared is deployed.
    For more information about regions that support VPC sharing, see Feature and supported regions.
  4. On the Resource shares tab, click Create resource share.
  5. In the Create resource share dialog box, set the following parameters and click OK.
    1. Name: Enter a name for the resource share.

      The name must be 1 to 50 characters in length and can contain digits, periods (.), underscores (_), and hyphens (-).

    2. Resource type: Select vSwitch.
    3. Resources: Select one or more vSwitches that you want to share, and click Add.
    4. Select Shared Target: Enter the user ID (UID) of the Alibaba Cloud account to which the resource user belongs, and click Add.
      Note You can share resources with only Alibaba Cloud accounts that belong to the same resource directory.
    5. Click OK.
  6. After you create the resource share, click View Details.
    • If the state of the vSwitch is Associated, the vSwitch is shared. Resource users can create cloud resources in the shared vSwitch after they are invited to the resource directory. For more information, see Create a cloud resource in a shared VSwitch.
    • If the state of the vSwitch is Failed, the vSwitch is not shared. Reasons that may cause sharing failures are as listed. You can troubleshoot the causes and try again:
      • The Alibaba Cloud account of the resource user is the same as that of the resource owner. Resource owners are not allowed to share vSwitches with themselves.
      • The number of resource users that share a single VPC has reached 20.
      • The number of resource users that share a single vSwitch within a VPC has exceeded 20.
      • The number of vSwitches that are shared with a single resource user has exceeded 10.

If you want to unshare a shared vSwitch, remove the vSwitch from the resource share. For more information, see Unshare a shared VSwitch. If you delete the resource share, all resource users of the resource share will lose access permissions on the shared resources. Deleting a resource share does not delete shared resources in the resource share.