You can grant permissions on a Smart Access Gateway (SAG) instance to a Cloud Connect Network (CCN) or a virtual border router (VBR) that belongs to another Alibaba Cloud account. This way, the SAG instance can be associated with the CCN instance or the VBR.

Prerequisites

The UID of the peer account and the ID of the CCN instance or VBR are obtained.

Procedure

  1. Log on to the Smart Access Gateway console.
  2. Use one of the following methods to go to the Network Configuration tab of the SAG instance:
    • Click the ID of the SAG instance. On the details page of the SAG instance, click the Network Configuration tab.
    • Find the SAG instance and click Network Configuration in the Actions column.
  3. On the details page of the SAG instance, choose Network Configuration > Network Instance Details.
  4. In the Authorized Cross-account Instances section, click Authorize CCN Instance.
  5. In the Authorize CCN Instance dialog box, set the following parameters and click OK.
    Parameter Description
    Authorized Account UID Enter the UID of the account to which you want to grant permissions, for example, 168840159596****.
    Network Type Select the type of the network instance. Valid values:
    • Cloud Connect Network: If you select this option, you must specify the ID of a CCN instance that belongs to the peer account.
    • Virtual Border Router: If you select this option, you must specify the ID of a VBR that belongs to the peer account.
    Target CCN Instance ID Enter the ID of the CCN instance, for example, ccn-6dhj3m2fz7p6og****.
    Note This parameter is required when the Network Type parameter is set to Cloud Connect Network.
    Region If you set Network Type to VBR, you must select the region where the VBR is deployed.
    Note This parameter is required when Network Type is set to Virtual Border Router.
    Peer VBR ID Enter the ID of the peer VBR, for example, vbr-o6w14e21pzziti4tp****.
    Note This parameter is required when Network Type is set to Virtual Border Router.
    Enable Security Routing Select or clear Enable Secure Routing. By default, secure routing is disabled.

References

  • GrantSagInstanceToVbr: grants permissions on a SAG instance to a VBR that belongs to another account.
  • GrantSagInstanceToCcn: grants permissions on a SAG instance to a CCN instance that belongs to another account.