Alibaba Cloud Document Center: Find the Documentation for Your Needs

Connect networks that belong to the same region but different accounts

Edit in Github

Last Updated: Aug 06, 2019 Edit in Github

This topic describes how to use Cloud Enterprise Network (CEN) to connect networks that belong to the same region but different accounts.

In this example, Account A and Account B are used to show you how to attach a network under account B to a CEN instance under account A.

Prerequisites

VPCs or Virtual Border Routers (VBRs) are created.
The VPCs and VBRs to be connected do not use Express Connect.

Step 1 Create a CEN instance under account A

Log on to the CEN console.
On the Instances page, click Create CEN instance.
Configure the CEN instance.
- Name: Enter a name for the CEN instance to be created. The name must be 2 to 128 characters in length and can contain letters, numbers, hyphens (-), or underscores (_). In this example, enter DifferentAccountsSameRegion.
- Attach Network:
  - Network Type: Select the type of the network to attach. You can attach a VPC, a VBR, or a Cloud Connect Network (CCN). In this example, select VPC.
  - Region: Select the region of the network. In this example, select China (Qingdao).
  - Networks: Select the instance to attach. In this example, select a VPC.
Obtain the ID of the created CEN instance.
In this example, the ID of the CEN instance is cen-xxxxxxxxxx4l7.

Step 2 Grant permissions to account A

To attach a network that belongs to a different account, you must get authorized. For example, if you want to attach a VPC in account B to a CEN instance in account A, follow these steps:

Log on to the VPC console by using the credentials of account B.
In the left-side navigation pane, click VPCs.
Find the target VPC and click the VPC ID.
In the CEN cross account authorization information section, click CEN Cross Account Authorization.
In the displayed dialog box, enter the ID of account A and the CEN instance to which you want to attach the VPC, and then click OK.

Step 3 Attach a network in account B to account A

After the authorization is completed, networks of account B can be attached to account A. To do so, follow these steps:

Log on to the CEN console by using the credentials of account A.
On the Instances page, find the CEN instance created in Step 1 and click Manage in the Actions column.
On the Networks tab, click Attach Network and attach the network as follows:
- Account: Click the Different Account tab.
- Network Type: Select the type of the network to attach. You can attach a VPC, a VBR, or a CCN. In this example, select VPC.
- Region: Select the region of the network. In this example, select China (Qingdao).
- Owner Account: Enter the ID of the account that owns the network to attach. In this example, enter the account ID of account B.
- Networks: Select the instance to attach. In this example, select a VPC.

Step 4 Test the connectivity

Log on to any ECS instance in an attached network and ping the private IP address of another ECS instance in another attached network to test the connectivity.

Note Make sure that corresponding authorization rules are configured in the security groups of the ECS instances.