Resource Sharing allows you to share the resources of your Alibaba Cloud account with other accounts and access the resources shared by other accounts.

Scenarios

An enterprise may have multiple Alibaba Cloud accounts and use these accounts to subscribe to diversified services. In some cases, the enterprise needs to use one of the accounts to purchase resources of a specific type and wants to share these resources with the other accounts.

The enterprise can use the Resource Directory service to create a resource directory and use the resource directory to organize and centrally manage the accounts based on the organizational structure or business form. The Resource Sharing service allows the management account and members of the resource directory to share resources with each other. For example, the management account or a member of the resource directory creates and configures a virtual private cloud (VPC), and shares the vSwitches in this VPC with other members in the resource directory. This way, these members can create resources of the desired Alibaba Cloud services in the vSwitches, and the resources of all the members in the resource directory are interconnected.

Benefits

  • Low costs: Resources are created in a centralized manner and shared among members. This way, you do not need to configure resources for each member.
  • Centralized management: Shared resources are managed and maintained in a centralized manner. This helps you configure security policies and use the Cloud Config and ActionTrail services to audit and track configurations and operations in a centralized manner.
  • Improved sharing experience: Resources are shared based on the same sharing mechanism. You do not need to adapt to the different sharing operations of various resources.

Terms

Resource Sharing
Term Description
resource share A resource share is an instance of the Resource Sharing service. It is also a cloud resource and has a unique ID and an Alibaba Cloud Resource Name (ARN). A resource share consists of a resource owner, principals, and shared resources.
resource owner A resource owner initiates resource sharing and owns shared resources. It is the management account or a member of a resource directory.
principal A principal shares the resources of resource owners. It has specific operation permissions on the shared resources. A principal is a member of a resource directory. Multiple principals can share the same resource.
Note The operation permissions of each principal on the shared resources are determined based on the Alibaba Cloud service to which the resources belong. For example, the operation permissions of principals on the shared vSwitches in a VPC are determined based on the VPC service. For more information, see Permissions related to VPC sharing.
shared resource A shared resource is a resource of an Alibaba Cloud service.
resource sharing Resource sharing allows you to share your resources with all members in your resource directory, all members in a specific folder in your resource directory, or a specific member in your resource directory. For more information, see Enable resource sharing.

Procedure

  1. Log on to the Resource Management console by using the management account of your resource directory and enable resource sharing on the Settings page.

    For more information, see Enable resource sharing.

  2. Create a resource share as a resource owner.

    For more information, see Create a resource share.

  3. Add or remove a shared resource.

    For more information, see Add or remove a shared resource.

  4. Add or remove a principal.

    For more information, see Add or remove a shared target.

  5. Access the shared resource as a principal.

Services that work with Resource Sharing

Service Resource type References
VPC vSwitch Use the Resource Directory service and the VPC sharing feature for resource sharing among multiple accounts
Resource Orchestration Service (ROS) Template Share a template with members in a resource directory

Limits

Item Upper limit Adjustable
Number of resource shares that can be created by using each management account or member 10 Apply for a quota.
Number of resources that can be shared with other members by using each management account or member 10 Apply for a quota.
Number of resources in each request 5 N/A.
Number of principals in each request 5 N/A.

Differences between sharing of region-specific resources and sharing of global resources

Before you create a resource share in Resource Sharing, you must specify a region. You can use the Resource Sharing service to share region-specific or global resources. The following table describes the differences between sharing of region-specific resources and sharing of global resources.

Resource type Difference
Region-specific resource

Region-specific resources are resources that reside in a specific region. You must specify a region before you create a region-specific resource. If you want to share a region-specific resource, you must create a resource share in the region where the resource resides.

For example, if you want to share a vSwitch that resides in the China (Hangzhou) region, you must create a resource share in the China (Hangzhou) region in the Resource Management console or by using the related API operation.

Global resource

Global resources are resources that can be accessed in all regions. You do not need to specify a region before you access a global resource or perform an operation on a global resource. If you want to share a global resource by using the Resource Sharing service, you can create a resource share only in the China (Shanghai) region.

For example, ROS templates are global resources. If you want to share an ROS template by using the Resource Sharing service, you must create a resource share in the China (Shanghai) region. The limit on the region is exclusive to the Resource Sharing service and does not affect the shared resources. The ROS templates can still be accessed in all regions in the ROS console.