This topic describes how to use a Cloud Enterprise Network (CEN) instance to connect
network instances created in the same region but by different accounts In this topic,
Account A and Account B are used as an example to describe how to attach a network
instance under Account B to a CEN instance under Account A.
Prerequisites
Before you start, make sure that the following requirements are met:
- Network instances that you want to connect through CEN are created. Supported network
instances are virtual private clouds (VPCs), Cloud Connect Network (CCN) instances,
and virtual border routers (VBRs).
- Express Connect is not used by the network instances that you want to connect.
Step 1: Use Account A to create a CEN instance
- Log on to the CEN console.
- On the Instances page, click Create CEN instance.
- Set the following parameters to create a CEN instance:
- Name: Enter a name for the CEN instance. The name must be 2 to 128 characters in length
and can contain digits, underscores (_), and hyphens (-). The name must start with
a letter or Chinese character. In this example, DifferentAccountSameRegion is entered.
- Description: Enter a description for the CEN instance. You can leave this parameter empty. The
description must start with a Chinese character or English letter, and cannot start
with
http://
or https://
. The description must be 2 to 256 characters in length, and can contain Chinese characters,
English letters, characters and letters from other languages, digits, hyphens (-),
periods (.), and underscores (_).
-
Attach Network:
- Network Type: Select the type of the network instance that you want to attach. Supported network
instances are VPCs, VBRs, and CCN instances. In this example, VPC is selected.
- Region: Select the region where the network instance is created. In this example, China (Qingdao) is selected.
- Networks: Select the network instance that you want to attach. In this example, a VPC is selected.
- Obtain the ID of the CEN instance that you created.
In this example, the ID of the CEN instance is cen-xxxxxxxxxx4l7
.
Step 2: Use Account B to grant Account A the permissions to attach network instances
This example shows how to attach a VPC created by a different account to a CEN instance.
You can also attach a VBR or a CCN instance.
- Log on to the VPC console with Account B.
- In the left-side navigation pane, click VPCs.
- In the top menu bar, select China (Qingdao).
- Click the ID of the VPC that you want to attach.
- On the Authorize Cross Account Attach CEN tab, click Authorize Cross Account Attach CEN.
- In the dialog box that appears, enter the ID of the account that is used to create
the CEN instance and the ID of the CEN instance, and then click OK.
Step 3: Use Account A to attach the network instance
After the permissions are granted, Account A can attach the network instance created
by Account B:
- Log on to the VPC console with Account A.
- On the Instances page, find the CEN instance that you want to manage, click Manage in the Actions column.
- On the Networks page, click Attach Network and set the following parameters to attach a network instance:
- Account: Select Different Account.
- Owner Account: Enter the ID of the account to which the network instance that you wan to attach
belongs. In this example, the ID of Account B is entered.
- Network Type: Select the type of the network instance that you want to attach. Supported network
instances are VPCs, VBRs, and CCN instances. In this example, VPC is selected.
- Region: Select the region where the network instance is created. In this example, China (Qingdao) is selected.
- Networks: Select the network instance that you want to attach. In this example, the VPC on
which you have acquired the permissions is selected.
Step 4: Test the connectivity
Log on to an Elastic Compute Service (ECS) instance in one of the attached network
instances. Then, ping the private IP address of an ECS instance in another attached
network instance to test the connectivity.
Note Make sure that the operation is allowed by the rules in the security groups of the
ECS instances. For example, if you want to use an ECS instance that is under Account
A and whose CIDR block is 192.168.3.0/24 to access an ECS instance that is under Account
B and whose CIDR block is 192.168.2.0/24, you must use Account B to grant the permissions
to Account A. For more information, see
Add security group rules.