The resource owner of a virtual private cloud (VPC) can share the vSwitches of the VPC with other Alibaba Cloud accounts (participants). After the owner shares a vSwitch with participants, the participants can create cloud resources in the shared vSwitch.

Background information

A VPC owner (resource owner) can share non-default vSwitches in the VPC with one or more Alibaba Cloud accounts (participants). The participants can create cloud resources in the shared vSwitches. A resource owner can share resources with Alibaba Cloud accounts in the same or different enterprise organization. For more information about resource sharing, see Resource Sharing overview.

[Figure: Shared VPC diagram]

For more information about the operations that can be performed on a shared VPC, see Overview of VPC sharing.

Share a vSwitch with an Alibaba Cloud account

A resource owner can share resources with a participant regardless of whether the resource owner and participant are added to a resource directory.

A resource owner can share resources with an Alibaba Cloud account in the following scenarios:

  • An Alibaba Cloud account that is not the management account or a member of a resource directory can share resources with another Alibaba Cloud account that is not the management account or a member of a resource directory.
  • The management account or a member of a resource directory can share resources with an Alibaba Cloud account that is not the management account or a member of the resource directory.
  • The management account or a member of a resource directory can share resources with all members in the resource directory, all members in a specific folder in the resource directory, or a specific member in the resource directory.
    Note: Resource sharing across resource directories is not supported.

The following example describes how to use your Alibaba Cloud account (Alibaba Cloud account A) to share a vSwitch with Alibaba Cloud account B. Neither Alibaba Cloud account A nor Alibaba Cloud account B is added to a resource directory.

Step 1: Create a resource share

Create a resource share with Alibaba Cloud account A, add the vSwitch that you want to share to the resource share, and then add Alibaba Cloud account B as a participant.

  1. Use Alibaba Cloud account A to log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
  3. In the top navigation bar, select the region where the resources to be shared reside.
  4. On the Resources I Share page, click Create Resource Share.
  5. In the Configure Basic Information and Add Resources step, enter a resource share name in the Resource Share Name field, select the vSwitches that need to be shared, and then click Next.
  6. In the Add Permissions step, select the AliyunRSDefaultPermissionVSwitch permission and click Next.
  7. In the Add Principals step, add a principal and click Next.
    1. Select Alibaba Cloud Account from the Principal Type drop-down list.
    2. Enter the ID of Alibaba Cloud account B in the Principal ID field.
    3. Click Add.
  8. In the Confirm and Submit step, click OK.

Step 2: Accept the invitation

Use Alibaba Cloud account B to accept the invitation from Alibaba Cloud account A.

  1. Use Alibaba Cloud account B to log on to the Resource Management console.
  2. In the left-side navigation pane, select Resource Sharing > Resources Shared To Me.
  3. On the Resources Shared To Me page, find the created resource share and click Accept in the Status column.
  4. In the Accept RS message, click Accept.
    After the invitation is accepted, Alibaba Cloud account B can be used to access the shared vSwitches, and invitations for using resources that are added to the resource share in subsequent operations are automatically accepted.

Share a vSwitch in a resource directory

The administrator or a member of a resource directory can share resources with all members in the resource directory, all members in a specific folder of the resource directory, or a specific member in the resource directory.

Step 1: Use a resource directory to manage multiple accounts

The Resource Directory service provided by Alibaba Cloud allows you to create members in your resource directory or invite accounts to join your resource directory as members. This way, you can manage all members in the resource directory in a centralized manner.

  1. Enable a resource directory.
    For more information, see Enable a resource directory.
  2. Use the management account of the resource directory to create folders based on the organizational structure of your enterprise.
    For more information, see Create a folder.
  3. Use the management account of the resource directory to create members in the resource directory or invite accounts to join the resource directory as members.

Step 2: Enable resource sharing

  1. Use the management account of your resource directory to log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Configure.
  3. On the Settings page, click Enable.
  4. In the Service-linked Role for Resource Sharing dialog box, click OK.
    The system creates a service-linked role named AliyunServiceRoleForResourceSharing to obtain the organizational structure of the resource directory. For more information, see Service-linked role for Resource Sharing.

Step 3: Create a resource share

Create a resource share in the Resource Management console. Then, add the VPC resources that you want to share and add the participants to the resource share.

  1. Create a resource share. Then, add the VPC resources that you want to share and the accounts with which you want to share the resources to the resource share.
    1. Log on to the Resource Management console.
    2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
    3. In the top navigation bar, select the region where the VPC resources that you want to share are deployed.
    4. On the page that appears, click Create Resource Share.
    5. In the Configure Basic Information and Add Resources step, enter a name for the resource share in the Resource Share Name field. For example, you can enter Finance_VPC. In the Resources section, select the resource type and resource IDs. For example, you can select the vSwitch type and select the ID vsw-bp183p93qs667muql****. Then, click Next.
    6. In the Add Permissions step, select permissions for principals and click Next. For example, you can select AliyunRSDefaultPermissionVSwitch.
    7. In the Add Principals step, add principals and click Next.
      For more information about how to add principals, see Create a resource share.
    8. In the Confirm and Submit step, click OK.
  2. View the details about the resource share.
    1. On the Resources I Share page, view the following information of the resource share: Resource Share ID/Name, Status, and Creation Time.
      If the resource share is in the Enabled state, the resource share has been created.
    2. Click the ID of the resource share to view its detailed information.
      • If Associated is displayed in the Status columns of the Shared Resources and Principals sections, the resources that you want to share and the participants are added to the resource share. Participants can create cloud resources in the shared vSwitch after they are invited to the resource directory. For more information, see Create cloud resources in a shared vSwitch as a participant.
      • If Association Failed is displayed in the Status columns of the Shared Resources and Principals sections, the resources failed to be shared. The following section lists the reasons that may cause sharing failures. You can troubleshoot the errors and try again.
        • The Alibaba Cloud account of the participant is the same as that of the resource owner. Resource owners are not allowed to share vSwitches with themselves.
        • The number of participants that share one VPC has reached 20.
        • The number of participants that share one vSwitch in a VPC has reached 20.
        • The number of vSwitches that are shared with one participant has reached 10.

      If you no longer want to share a vSwitch, you can remove the shared vSwitch from the resource share. For more information, see Remove a shared vSwitch from the Resource Management console. If you delete the resource share, participants of the resource share can no longer access the shared resources. The shared resources themselves are not deleted when you delete the resource share.
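The Association Failed reasons listed above can be checked before a resource share is submitted. The following is an added example, not Alibaba Cloud code: it validates planned vSwitch-to-participant associations against the four listed reasons using an offline inventory. The function names, the data layout and the reading that a participant already present in a VPC does not count again toward the VPC limit are assumptions, and all IDs are constructed placeholders.

```python
MAX_PARTICIPANTS_PER_VPC = 20
MAX_PARTICIPANTS_PER_VSWITCH = 20
MAX_VSWITCHES_PER_PARTICIPANT = 10

def share_failures(owner_id, vswitch_vpc, existing, vswitch_id, participant_id):
    """Return the reasons a new association would fail (empty list = OK).
    vswitch_vpc: dict of vSwitch ID -> VPC ID (the owner's inventory)
    existing:    set of (vswitch_id, participant_id) pairs already associated
    """
    reasons = []
    if participant_id == owner_id:
        reasons.append("participant is the resource owner")
    if (vswitch_id, participant_id) in existing:
        return reasons  # already associated, so no further quota is consumed

    vpc_id = vswitch_vpc[vswitch_id]
    in_vpc = {p for v, p in existing if vswitch_vpc[v] == vpc_id}
    on_vswitch = {p for v, p in existing if v == vswitch_id}
    held = {v for v, p in existing if p == participant_id}
    # Assumption: a participant already present in the VPC is not counted again.
    if participant_id not in in_vpc and len(in_vpc) >= MAX_PARTICIPANTS_PER_VPC:
        reasons.append("VPC already has 20 participants")
    if len(on_vswitch) >= MAX_PARTICIPANTS_PER_VSWITCH:
        reasons.append("vSwitch already has 20 participants")
    if len(held) >= MAX_VSWITCHES_PER_PARTICIPANT:
        reasons.append("participant already has 10 shared vSwitches")
    return reasons

def check_plan(owner_id, vswitch_vpc, existing, planned):
    """Check planned (vswitch_id, participant_id) pairs in order, tracking state."""
    state, report = set(existing), {}
    for pair in planned:
        report[pair] = share_failures(owner_id, vswitch_vpc, state, *pair)
        if not report[pair]:
            state.add(pair)  # accepted pairs count against later ones
    return report

# Constructed sample data: all account, VPC and vSwitch IDs are placeholders.
OWNER = "acct-A"
INVENTORY = {f"vsw-{i}": "vpc-1" for i in range(12)}
EXISTING = {(f"vsw-{i}", "acct-B") for i in range(10)}    # acct-B holds 10 vSwitches
EXISTING |= {("vsw-10", f"acct-{n}") for n in range(19)}  # 19 more accounts in vpc-1

if __name__ == "__main__":
    plan = [("vsw-11", "acct-0"), ("vsw-11", "acct-B"), ("vsw-11", "acct-new")]
    for pair, why in check_plan(OWNER, INVENTORY, EXISTING, plan).items():
        print(pair, "OK" if not why else why)
```

The same association set also serves as an access review: each pair is an external account that can create resources inside the owner's VPC.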