All Products
Search
Document Center

Elastic IP Address:Share an IP address pool

Last Updated:Aug 26, 2024

In scenarios of cross-account collaboration and cross-account resource management, you can share an IP address pool with other Alibaba Cloud accounts to improve IP utilization and facilitate resource management.

Overview

The resource owner of an IP address pool can share the IP address pool with other Alibaba Cloud accounts (principals). After the IP address pool is shared, principals can use it to allocate EIPs. A resource owner can share resources with Alibaba Cloud accounts in the same or a different enterprise organization. For more information about Resource Sharing, see Resource Sharing overview.

Important

If the owner account of an IP address pool has an overdue payment and the payment is not complete within 15 days, EIPs allocated from the IP address pool to other Alibaba Cloud accounts are also suspended. For more information, see Overdue payments.

Prerequisites

An IP address pool is created. For more information, see Create and manage an IP address pool.

Share an IP address pool with an Alibaba Cloud account

A resource owner can share resources with a principal regardless of whether the resource owner and principal are added to a resource directory.

A resource owner can share resources with an Alibaba Cloud account in the following scenarios:

  • An Alibaba Cloud account that is not the management account or a member of a resource directory can share resources with another Alibaba Cloud account that is not the management account or a member of a resource directory.

  • The management account or a member of a resource directory can share resources with an Alibaba Cloud account that is not the management account or a member of the resource directory.

  • The management account or a member of a resource directory can share resources with all members in the resource directory, all members in a specific folder in the resource directory, or a specific member in the resource directory.

    Important

    Resource sharing across resource directories is not supported.

The following example describes how to use your Alibaba Cloud account (Alibaba Cloud account A) to share an IP address pool with Alibaba Cloud account B. Neither Alibaba Cloud account A nor Alibaba Cloud account B is added to a resource directory.

Step 1: Create a resource share

Create a resource share with Alibaba Cloud account A, add the IP address pool that you want to share to the resource share, and then add Alibaba Cloud account B as a principal.

  1. Log on to the Resource Management console by using Alibaba Cloud account A.

  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.

  3. In the top navigation bar, select the region where the resources to be shared reside.

  4. On the Shared By Me page, click Create Resource Share.

  5. On the Create Resource Share page, perform the following steps

    1. Configure Basic Information and Add Resources

      1. In the Basic Information section, enter a name in the Resource Share Name field.

      2. In the Resources section, select IP Address Pool next to the region.

      3. Select one or more IP address pools and click Next.

    2. Add Permissions

      In the Add Permissions step, select permissions and click Next.

      For an IP address pool, only the AliyunRSDefaultPermissionPublicIpAddressPool permission is supported. This permission allows you to perform the following operations: ListPublicIpAddressPools and ListPublicIpAddressPoolCidrBlocks.

    3. Add Principals

      1. In the Add Principal section, select All Accounts for the Principal Scope parameter.

      2. Set Principal Type to Alibaba Cloud Account.

      3. Set Principal ID to the ID of Alibaba Cloud Account B and click Add.

      4. In the Added Principals section, confirm the information and click Next.

    4. Confirm and Submit

      Confirm the configuration and click OK.

Step 2: Accept the invitation

Use Alibaba Cloud account B to accept the invitation from Alibaba Cloud account A.

  1. Log on to the Resource Management console by using Alibaba Cloud account B.

  2. In the left-side navigation pane, choose Resource Sharing > Resources Shared To Me.

  3. On the Shared To Me page, find the resource share and click Accept in the Status column.

  4. In the Accept Resource Sharing Invitation dialog box, click Accept.

    After the invitation is accepted, Alibaba Cloud account B can be used to access the shared IP address pool, and invitations for using resources that are added to the resource share in subsequent operations are automatically accepted.

Share an IP address pool within a resource directory

The administrator or a member of a resource directory can share resources with all members in the resource directory, all members in a specific folder of the resource directory, or a specific member in the resource directory.

Step 1: Use a resource directory to manage multiple accounts

The Resource Directory service provided by Alibaba Cloud allows you to create members in your resource directory or invite accounts to join your resource directory as members. This way, you can manage all members in the resource directory in a centralized manner. Perform the following operations by using the administrator account of a resource directory.

  1. Enable a resource directory.

    For more information, see Enable a resource directory.

  2. Use the management account of the resource directory to create folders based on the organizational structure of your enterprise.

    For more information, see Create a folder.

  3. Use the management account of the resource directory to create members in the resource directory or invite accounts to join the resource directory as members.

Step 2: Enable resource sharing

  1. Log on to the Resource Management console by using the management account of your resource directory.

  2. In the left-side navigation pane, choose Resource Sharing > Settings.

  3. On the page that appears, click Enable.

  4. In the Service-linked Role for Resource Sharing dialog box, click OK.

    The system creates a service-linked role named AliyunServiceRoleForResourceSharing to obtain the organizational structure of the resource directory. For more information, see Service-linked role for Resource Sharing.

Step 3: Create a resource share

Create a resource share in the Resource Management console. Then, add the IP address pool that you want to share and add the principals to the resource share.

  1. Use the management account of your resource directory to log on to the Resource Management console.

  2. In the left-side navigation pane, choose Resource Sharing > Resources I Share.

  3. In the top navigation bar, select the region where the resources to be shared reside.

  4. On the Shared By Me page, click Create Resource Share.

  5. On the Create Resource Share page, perform the following steps

    1. Configure Basic Information and Add Resources

      1. In the Basic Information section, enter a name in the Resource Share Name field.

      2. In the Resources section, select IP Address Pool next to the region.

      3. Select one or more IP address pools and click Next.

    2. Add Permissions

      In the Add Permissions step, select permissions and click Next.

      For an IP address pool, only the AliyunRSDefaultPermissionPublicIpAddressPool permission is supported. This permission allows you to perform the following operations: ListPublicIpAddressPools and ListPublicIpAddressPoolCidrBlocks.

    3. Add Principals

      1. In the Add Principal section, select Objects Within Resource Directory for the Principal Scope parameter.

      2. Select Add from Resource Directory for Add Mode.

      3. Select a member from the resource directory.

      4. In the Added Principals section, confirm the information and click Next.

    4. Confirm and Submit

      Confirm the configuration and click OK.

    After the IP address pool is shared, the member can access the IP address pool.

References