Updated on 2024-03-11 GMT+08:00

Connecting VPCs in Different Accounts

Process Description

To connect the VPCs in your account to VPCs in another user's account, create a cloud connection, ask the other user to allow you to load their VPCs to the cloud connection, and then load all the VPCs to the cloud connection.

Figure 1 Network communications among VPCs in the same region but in different accounts

Figure 2 illustrates how you can enable network communications among VPCs in the same region but in different accounts.

Figure 2 Process for enabling network communications among VPCs

Procedure

  1. Create a cloud connection.

    1. Log in to the management console.
    2. Hover over the upper left corner to display Service List and choose Networking > Cloud Connect.
    3. On the Cloud Connections page, click Create Cloud Connection.
      Figure 3 Create Cloud Connection
    4. Configure the parameters based on Table 1.
      Table 1 Parameters required for creating a cloud connection

      | Parameter | Description |
      |---|---|
      | Name | Specifies the cloud connection name. The name can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). |
      | Enterprise Project | Provides a cloud resource management mode, in which cloud resources and members are centrally managed by project. |
      | Scenario | VPC: VPCs or virtual gateways can use this cloud connection. |
      | Tag | Identifies the cloud connection. A tag consists of a key and a value. You can add 10 tags to a cloud connection. Tag keys and values must meet the requirements listed in Table 2. NOTE: If a predefined tag has been created on TMS, you can directly select the corresponding tag key and value. For details about predefined tags, see Predefined Tags. |
      | Description | Provides supplementary information about the cloud connection. The description can contain a maximum of 255 characters. |

      Table 2 Tag key and value requirements

      | Parameter | Requirements |
      |---|---|
      | Key | Cannot be left blank. Must be unique for each resource. Can contain a maximum of 36 characters. Can contain only letters, digits, hyphens, and underscores. |
      | Value | Can be left blank. Can contain a maximum of 43 characters. Can contain only letters, digits, periods, hyphens, and underscores. |

    5. Click OK.

  2. Request the other user to allow you to load their VPCs to your cloud connection.

    If your VPCs need to communicate with the VPCs of another user, ask the other user to grant you permission to load their VPCs to your cloud connection. The other user grants this permission as follows:

    1. In the navigation pane, choose Cloud Connect > Cross-Account Authorization.
    2. Click Network Instances Authorized by Me.
    3. Click Authorize Network Instance.
      Configure the parameters based on Table 3.
      Table 3 Parameters the other user configures to authorize you to load their VPCs

      | Parameter | Description |
      |---|---|
      | Region | Specifies the region where the VPC is located. |
      | VPC | Specifies the VPC to be loaded to your cloud connection. |
      | Peer Account ID | Specifies the ID of your account. |
      | Peer Cloud Connection ID | Specifies the ID of your cloud connection to which the VPCs are to be loaded. |
      | Remarks | Provides supplementary information about cross-account authorization, if any. |

    4. Click OK.

  3. Load network instances.

    Load the VPCs that need to communicate with each other to the cloud connection. To load a VPC in this other user's account, perform the following steps:

    1. Log in to the management console.
    2. In the cloud connection list, locate the cloud connection and click its name.
    3. Click Network Instances.
    4. Click Load Network Instance.
    5. Select Peer account for Account, select this other user's account ID, project ID, and the VPC, and specify the CIDR blocks.
      For details about the parameters, see Table 4.
      Table 4 Parameters for loading network instances across accounts

      | Parameter | Description |
      |---|---|
      | Account | Specifies whether the network instance is in the current account or another account. |
      | Peer Account ID | Specifies the ID of this other user's account. |
      | Region | Specifies the region where the VPC is located. |
      | Peer Project ID | Specifies the project ID of the VPC in the other user's account. |
      | Instance Type | Specifies the type of the network instance to be loaded. Currently, you can load only VPCs across accounts. |
      | Peer VPC | Specifies the ID of the VPC you want to load. |
      | VPC CIDR Block | Specifies the subnets of the VPC you want to load and the custom CIDR blocks. |
      | Remarks | Provides supplementary information about the network instance. |

    6. Click OK.

    7. Click Load Another Instance to add all the VPCs that need to communicate with each other. Then click the Network Instances tab to view the VPCs you loaded.
    • You can load a network instance to only one cloud connection.
    • A VPC and the associated virtual gateway cannot both be loaded.
    • If the VPCs are in another user's account, you need to request the permissions to load the network instances before you can load them to your cloud connection.
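
The loading constraints above, together with the scope of a cross-account authorization in Table 3 (one VPC, one peer account, one peer cloud connection), can be checked against a planned set of load actions before anyone clicks through the console. The following is an added example, not Cloud Connect's own code or API: the `Authorization` and `LoadRequest` records, the `check_plan` function, and every ID are hypothetical, constructed planning data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Authorization:
    """One entry the VPC owner created under Cross-Account Authorization (Table 3)."""
    region: str
    vpc_id: str
    peer_account_id: str           # account allowed to load the VPC
    peer_cloud_connection_id: str  # the only cloud connection it may be loaded to

@dataclass(frozen=True)
class LoadRequest:
    """One planned 'Load Network Instance' action (hypothetical planning record)."""
    cloud_connection_id: str
    owner_account_id: str
    region: str
    instance_type: str  # "vpc" or "vgw" (virtual gateway)
    instance_id: str
    vpc_id: str         # the VPC itself, or the VPC a virtual gateway is associated with

def check_plan(my_account_id, requests, authorizations):
    """Return (instance_id, reason) pairs for every constraint a request violates."""
    granted = {(a.region, a.vpc_id, a.peer_account_id, a.peer_cloud_connection_id)
               for a in authorizations}
    connection_of, types_of_vpc, problems = {}, {}, []
    for r in requests:
        if r.owner_account_id != my_account_id:
            if r.instance_type != "vpc":
                problems.append((r.instance_id, "only VPCs can be loaded across accounts"))
            elif (r.region, r.vpc_id, my_account_id, r.cloud_connection_id) not in granted:
                problems.append((r.instance_id, "no matching cross-account authorization"))
        if connection_of.setdefault(r.instance_id, r.cloud_connection_id) != r.cloud_connection_id:
            problems.append((r.instance_id, "instance already planned for another cloud connection"))
        types_of_vpc.setdefault(r.vpc_id, set()).add(r.instance_type)
        if len(types_of_vpc[r.vpc_id]) > 1:
            problems.append((r.instance_id, "VPC and its virtual gateway cannot both be loaded"))
    return problems

# Constructed sample data: all IDs below are placeholders, not real resources.
ME, PEER = "acct-mine", "acct-peer"
AUTHS = [Authorization("region-1", "vpc-peer-a", ME, "cc-001")]
PLAN = [
    LoadRequest("cc-001", ME, "region-1", "vpc", "vpc-mine-a", "vpc-mine-a"),
    LoadRequest("cc-001", PEER, "region-1", "vpc", "vpc-peer-a", "vpc-peer-a"),  # authorized
    LoadRequest("cc-002", PEER, "region-1", "vpc", "vpc-peer-a", "vpc-peer-a"),  # wrong connection
    LoadRequest("cc-001", ME, "region-1", "vgw", "vgw-mine-a", "vpc-mine-a"),    # VPC already loaded
]

if __name__ == "__main__":
    for instance_id, reason in check_plan(ME, PLAN, AUTHS):
        print(f"{instance_id}: {reason}")
```

The same authorization records are worth reviewing from the VPC owner's side: each one should name exactly the peer account and cloud connection that were agreed on.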