In a resource directory, the vSwitches in a virtual private cloud (VPC) within a member (resource owner) can be shared with another member (principal). This topic describes how a resource owner shares vSwitches with other members.
Limits
Make sure that you understand the limits on shared VPCs. For more information, see Limits on use.
Step 1: Use a resource directory to manage multiple accounts
The Resource Directory service provided by Alibaba Cloud allows you to create members in your resource directory or invite accounts to join your resource directory as members. This way, you can manage all members in the resource directory in a centralized manner.
Enable a resource directory.
For more information, see Enable a resource directory.
Use the management account of the resource directory to create folders based on the organizational structure of your enterprise.
For more information, see Create a folder.
Use the management account of the resource directory to create members in the resource directory or invite accounts to join the resource directory as members.
For more information, see Create a member or Invite an Alibaba Cloud account to join a resource directory.
Step 2: Enable resource sharing
Log on to the Resource Management console by using the management account of your resource directory.
In the left-side navigation pane, choose Resource Sharing > Settings.
On the page that appears, click Enable.
In the Service-linked Role for Resource Sharing dialog box, click OK.
The system creates a service-linked role named AliyunServiceRoleForResourceSharing to obtain the organizational structure of the resource directory. For more information, see Service-linked role for Resource Sharing.
Step 3: Create a resource share as the resource owner
Create a resource share in the Resource Management console. Then, add the VPC resources that you want to share and the accounts with which you want to share the resources to the resource share.
Create a resource share. Then, add the VPC resources that you want to share and the accounts with which you want to share the resources to the resource share.
Log on to the Resource Management console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region where the VPC resources that you want to share are deployed.
On the Shared By Me page, click Create Resource Share.
In the Configure Basic Information and Add Resources step, enter a name for the resource share in the Resource Share Name field. For example, you can enter Finance_VPC. In the Resources section, select the resource type and resource IDs. For example, you can select the vSwitch type and select the ID vsw-bp183p93qs667muql****. Then, click Next.
In the Add Permissions step, select permissions for principals and click Next. For example, you can select AliyunRSDefaultPermissionVSwitch.
In the Add Principals step, add principals and click Next.
For more information about how to add principals, see Create a resource share.
In the Confirm and Submit step, click OK.
View the details about the resource share.
On the Shared By Me page, view the following information of the resource share: Resource Share ID/Name, Status, and Creation Time.
After a resource share is created, it is in the Enabled state.
Click the ID of the resource share to view its detailed information.
If Associated is displayed in the Status columns of the Resources and Principals sections, the resources that you want to share and the accounts with which you want to share the resources are added to the resource share.
(Optional) Modify the information of the resource share.
On the details page of the resource share, you can click Edit Resource Share to change the resource share name, add or remove shared resources, or add or remove principals. For more information, see Modify a resource share
Step 4: View and use the shared vSwitches as a principal
By default, after the resource owner shares a vSwitch, a principal can use the shared vSwitch without confirmation. Principals can view the vSwitches that other accounts share with them. They can also create cloud resources, such as Elastic Compute Service (ECS) instances, Server Load Balancer (SLB) instances, and ApsaraDB RDS instances, in the shared vSwitches.
Log on to the Resource Management or VPC console to view the shared vSwitches. In this example, the member 177242285274**** is used to log on to the VPC console to view the shared vSwitch vsw-bp183p93qs667muql****.
NoteA principal can log on to the Resource Management or VPC console to view shared vSwitches. For more information about how to view shared vSwitches, see View shared vSwitches.
NoteWhen a resource owner shares vSwitches, the VPC console generates records of shared VPCs, route tables, and vSwitches due to network requirements.
In the VPC console, change the name and description of the shared VPC, route table, and vSwitch.
NoteThe preceding information is exclusive to you and cannot be viewed or changed by the resource owner.
Create a cloud resource in the shared vSwitch.
On the vSwitch page, find the shared vSwitch, move the pointer over Add Cloud Service in the Actions column, select the type of resource that you want to create, and then create a cloud resource.
NoteYou can also create cloud resources in the consoles of the related Alibaba Cloud services. When you configure networks for the resources, select the shared vSwitch.
View the cloud resource that is created in the shared vSwitch.
Principals can view the cloud resources that are created in the shared vSwitches in the VPC console or in the consoles of the related Alibaba Cloud services. The following figure shows the cloud resource that is created in the shared vSwitch in the VPC console.