In a resource directory, the vSwitches in a virtual private cloud (VPC) within a member (resource owner) can be shared with another member (principal). This topic describes how a resource owner shares vSwitches with other members.

Limits

Make sure that you understand the limits on shared VPCs. For more information, see Limits.

Step 1: Use a resource directory to manage multiple accounts

The Resource Directory service provided by Alibaba Cloud allows you to create members in your resource directory or invite accounts to join your resource directory as members. This way, you can manage all members in the resource directory in a centralized manner.

  1. Enable a resource directory.
    For more information, see Enable a resource directory.
  2. Use the management account of the resource directory to create folders based on the organizational structure of your enterprise.
    For more information, see Create a folder.
  3. Use the management account of the resource directory to create members in the resource directory or invite accounts to join the resource directory as members.

Step 2: Enable resource sharing

  1. Use the management account of your resource directory to log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Configure.
  3. On the Settings page, click Enable.
  4. In the Service-linked Role for Resource Sharing dialog box, click OK.
    The system creates a service-linked role named AliyunServiceRoleForResourceSharing to obtain the organizational structure of the resource directory. For more information, see Service-linked role for Resource Sharing.

Step 3: Create a resource share as the resource owner

Create a resource share in the Resource Management console. Then, add the VPC resources that you want to share and the accounts with which you want to share the resources to the resource share.

  1. Create a resource share. Then, add the VPC resources that you want to share and the accounts with which you want to share the resources to the resource share.
    1. Log on to the Resource Management console.
    2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
    3. In the top navigation bar, select the region where the VPC resources that you want to share are deployed.
    4. On the page that appears, click Create Resource Share.
    5. On the Create Resource Share page, enter a name for the resource share in the Resource Share Name field. For example, you can enter Finance_VPC.
    6. In the Select Shared Resource section, select the resource type and resource IDs, and click Add. For example, you can select the vSwitch type and select the ID vsw-bp183p93qs667muql****.
    7. In the Add Principal section, configure the Add Mode parameter and add principals. For example, you can add the principal whose ID is 177242285274****
      • Add from Resource Directory
        Note This mode can be used only by the management account of the resource directory.

        Select principals from the resource directory.

        • If you select the Root folder, the added resources are shared with all members in the resource directory.
        • If you select a folder other than the Root folder, the added resources are shared with all members in the selected folder.
        • If you select a member, the added resources are shared only with the member.
      • Add Manually

        Configure the Principal Type parameter, specify a folder or member ID if required, and then click Add. You can select one of the following options from the Principal Type drop-down list:

        • Resource Directory: If you select this option, the ID of the current resource directory is automatically displayed for the Resource Directory ID parameter that appears. In this case, the added resources are shared with all members in the resource directory.
        • Folder: If you select this option, you must enter a folder ID in the Folder ID field that appears. In this case, the added resources are shared with all members in the folder.
        • Alibaba Cloud Account: If you select this option, you must enter a member ID. In this case, the added resources are shared only with the member.
    8. Click OK.
  2. View the details about the resource share.
    1. On the Resources I Share page, view the following information of the resource share: Resource Share ID/Name, Status, and Creation Time.
      If the resource share is in the Enabled state, it is created. Status of the resource share
    2. Click the ID of the resource share to view its detailed information.
      If Associated is displayed in the Status columns of the Shared Resources and Principals sections, the resources that you want to share and the accounts with which you want to share the resources are added to the resource share. Details
  3. (Optional) Modify the information of the resource share.

    On the details page of the resource share, you can click Edit in each section to change the resource share name, add or remove shared resources, or add or remove principals. For more information, see Change the name of a resource share, Add or remove a shared resource, or Add or remove a principal.

Step 4: View and use the shared vSwitches as a principal

By default, after the resource owner shares a vSwitch, a principal can use the shared vSwitch without confirmation. Principals can view the vSwitches that other accounts share with them. They can also create cloud resources, such as Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and ApsaraDB RDS instances, in the shared vSwitches.

  1. Log on to the Resource Management or VPC console to view the shared vSwitches. In this example, the member 177242285274**** is used to log on to the VPC console to view the shared vSwitch vsw-bp183p93qs667muql****.
    Note A principal can log on to the Resource Management or VPC console to view shared vSwitches. For more information about how to view shared vSwitches, see View shared vSwitches.
    View shared VPCs
    Note When a resource owner shares vSwitches, the VPC console generates records of shared VPCs, route tables, and vSwitches due to network requirements.
  2. In the VPC console, change the name and description of the shared VPC, route table, and vSwitch.
    Note The preceding information is exclusive to you and cannot be viewed or changed by the resource owner.
    Modify vSwitch information
  3. Create a cloud resource in the shared vSwitch.
    1. On the vSwitch page, find the shared vSwitch, move the pointer over Create in the Actions column, select the type of resource that you want to create, and then create a cloud resource.
      Note You can also create cloud resources in the consoles of the related Alibaba Cloud services. When you configure networks for the resources, select the shared vSwitch.
    2. View the cloud resource that is created in the shared vSwitch.
      Principals can view the cloud resources that are created in the shared vSwitches in the VPC console or in the consoles of the related Alibaba Cloud services. The following figure shows the cloud resource that is created in the shared vSwitch in the VPC console.View the cloud resource that is created in the shared vSwitch