The resource owner of a virtual private cloud (VPC) can share the vSwitches of the VPC with other Alibaba Cloud accounts (participants) in the same organization. After the owner shares a vSwitch with participants, the participants can create cloud resources in the shared vSwitch.

Background information

A VPC owner (resource owner) can share non-default vSwitches with other Alibaba Cloud accounts (participants). The resource owner and participants must belong to the same resource directory. A resource directory allows you to create a hierarchical map of relations among resources and facilitates resource management. For more information, see Resource Sharing overview.

After a vSwitch is shared, participants can use the vSwitch without confirmation by default. By default, instances created by the resource owner and participants in the same VPC can communicate with each other within the VPC. By default, instances created by the resource owner and participants in the same VPC can communicate with each other within the VPC. Diagram

For more information about the operations that can be performed on a shared VPC, see Overview of VPC sharing.

Step 1: Enable a resource directory

A resource directory allows you to manage resources in a hierarchical manner. After you enable a resource directory, you can build a hierarchical structure for the resources of your enterprise.
Notice Make sure that your Alibaba Cloud account has passed the enterprise real-name verification before you enable a resource directory.

Perform the following steps to invite participants to a resource directory:

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Directory > Overview.
  3. Click Enable Resource Directory. In the message that appears, click OK.
    After you enable a resource directory, the system automatically creates a Root folder and sets the current Alibaba Cloud account as the administrator account. The administrator account has all permissions on this resource directory. root
  4. In the left-side navigation pane, choose Resource Directory > Invite Member.
    Only members in the same resource directory can share vSwitches in a VPC. You can also create member accounts for the resource directory. For more information, see Create a member.
    Note Before you send an invitation, make sure that the following requirements are met:
    • The invitee must not have a pending invitation. Otherwise, the participant must confirm the pending invitation before the participant can be invited again.
    • The legal entity of the invitee must be the same as that of the inviter. This means that both Alibaba Cloud accounts must use the same legal entity to complete the enterprise real-name verification.
    • The number of invitations sent on each day cannot exceed 20.
    • The number of participants in a resource directory cannot exceed 20.
  5. On the Invite Member page, click Invite Member.
  6. In the Invite Member Account panel, set the Account ID/Logon Email and Remarks parameters. Then, select the check box and click OK.
    Note Enter the email address that was specified when the account was registered. Do not enter the alternate email address that is associated with the account after the account is created. You can enter multiple account IDs. Separate multiple account IDs with commas (,).

Step 2: Create a resource share

You can create a resource share, and then share vSwitches in the shared VPC with the participants invited in Step 1. Resource shares are cloud resources. Each resource share has a unique ID and Aliyun Resource Name (ARN). You can group resource shares and add tags to resource shares. For more information, see Resource Sharing overview.

  1. Log on to the Resource Management console.
  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.
  3. In the top navigation bar, select the region where the shared VPC is deployed.
    For more information about regions that support VPC sharing, see Feature release and supported regions.
  4. On the Resources I Share page, click Create Resource Share.
  5. On the Create Resource Share page, set the following parameters and click OK.
    Parameter Description
    Resource Share Name Enter a name for the resource share.
    Select Shared Resource
    Region Displays the region where you want to create the resource share.
    Resource Type Select the type of the resources that you want to share.

    In this example, vSwitch is selected.

    Resources Select the resources that you want to share and click Add.
    Add Principal
    Add Mode Select the way in which you want to add a participant.
    • Add from Resource Directory: Select a participant from the resource directory. The following section provides the detailed information:
      • If you select the Root folder, the resources are shared with all members in the resource directory.
      • If you select a folder other than the Root folder, the resources are shared with all members in the selected folder.
      • If you select a member, the resources are shared with the member.
      This mode can be used only by the administrator account of the resource directory.
    • Add Manually: Set the Principal Type and Principal ID parameters, and then click Add. The following section provides the detailed information:
      • Alibaba Cloud Account: Enter the UID of the Alibaba Cloud account with which you want to share the resources.
      • Resource Directory: Displays the ID of the resource directory. The resources are shared with all members in the resource directory.
      • Folder: Enter the ID of a resource folder. The resources are shared with all members in the resource folder.
  6. On the Resources I Share page, find the resource share that you created and click View Details in the Actions column.
    • If the Status of a resource is Associated, the resource is shared. Participants can create cloud resources in the shared vSwitch after they are invited to the resource directory. For more information, see Create cloud resources in a shared vSwitch as a participant.
    • If the Status of a resource is Failed, the resource is not shared. The following section lists the reasons that may cause sharing failures. You can troubleshoot the errors and try again.
      • The Alibaba Cloud account of the participant is the same as that of the resource owner. Resource owners are not allowed to share vSwitches with themselves.
      • The number of participants that share one VPC has reached 20.
      • The number of participants that share one vSwitch in a VPC has reached 20.
      • The number of vSwitches that are shared with one participant has reached 10.

    If you do not want to share a vSwitch, you can remove the shared vSwitch from the resource share. For more information, see Remove a shared vSwitch from the Resource Management console. If you delete the resource share, all participants of the resource share cannot access the shared resources. The shared resources are not deleted after you delete the resource share.