
Sharing Overview

Updated on 2024-10-14 GMT+08:00

What Is Sharing?

Integration with Resource Access Manager (RAM) allows you to share enterprise routers in your accounts with other accounts so that these accounts can attach their network instances to your enterprise router for network connectivity. This allows you to configure and maintain resources of multiple accounts in a unified manner, improving resource management and control efficiency and reducing O&M costs.
  • You are the owner of the enterprise router.
  • Other accounts are the principals of the enterprise router.

After you share your enterprise router with other accounts, these principals can attach their network instances to your enterprise router, so that their network instances can access your enterprise router.

NOTE:

After the owner shares the enterprise router in region A with the principals, they can only use the enterprise router in region A.

This allows VPCs in the same region but different accounts to be attached to the same enterprise router.

This example uses account A, account B, and account C to describe how you can build a network using one enterprise router. Table 1 describes the resources of each account.

If account A shares enterprise router (ER-A) with account B and account C, the VPCs of accounts B and C can be attached to ER-A. Figure 1 shows the networking.

Table 1 Accounts and their resources

| Account | Enterprise Router | VPC |
|---|---|---|
| A | ER-A | VPC-A-01, VPC-A-02 |
| B | ER-B | VPC-B-01 |
| C | ER-C | VPC-C-01 |

Figure 1 Attaching VPCs in different accounts to the same enterprise router

Allowed Operations by the Owner and Principals

The owner can perform all operations, but the principals can perform only some of them. Table 2 lists the operations that the principals can perform.

Table 2 Allowed operations by principals

| Role | Allowed Operation | Description |
|---|---|---|
| Principals | Viewing an Enterprise Router | Principals can view: the name of the shared enterprise router followed by Shared with me. |
| Principals | Adding attachments to an enterprise router: Creating a VPC Attachment | Principals can only create VPC attachments. They can create attachments to the shared enterprise router only after the owner account accepts the attachment requests; if Auto Accept Shared Attachments is enabled, a request from a principal for creating an attachment will be automatically accepted. They cannot add tags to the attachments they create to the shared enterprise router. For details about the process for creating an attachment for an enterprise router in another account, see Creating Attachments to a Shared Enterprise Router. |
| Principals | Viewing an Attachment | Principals cannot view the tags added to their attachments. |
| Principals | Changing the Name of an Attachment | Principals can change the names of their attachments created for the shared enterprise router. |
| Principals | Deleting a VPC Attachment | Principals can delete their attachments created for the shared enterprise router without the approval of the owner account. |

NOTE:

Principals cannot view the Route tables, Sharing, Flow logs, and Tags tabs of the enterprise router.

Sharing an Enterprise Router with Principals

As the owner, you can share your enterprise router with other accounts. These other accounts are the principals and can use your enterprise router after they accept the sharing request. Enterprise Router works with RAM and provides two methods for you to share an enterprise router:
  • Method 1: Create a resource share, add the enterprise router to be shared, set the permissions of the principals who will use the shared enterprise router, and specify the users.
  • Method 2: If you already have an available resource share, add the enterprise router to the share and set the permission of the users who will use the shared enterprise router. You can reuse the users in the resource share or add other users as required.

Figure 2 shows the process of sharing an enterprise router.

Figure 2 Sharing an enterprise router with principals

You can share an enterprise router on the RAM or Enterprise Router console. Table 3 details the two methods of sharing an enterprise router on the RAM console.

Table 3 Sharing an enterprise router with principals

Method 1: Creating a resource share

  Description:
  1. The owner selects the enterprise router to be shared. On the Sharing tab, the owner can switch to the RAM console to create a resource share and share the enterprise router with the principals.
    1. Select the enterprise router that you want to share with the principals.
    2. Set the permissions of the principals on the enterprise router to be shared.
    3. Specify the users who can use the shared enterprise router.
  2. On the RAM console, the principals accept or reject the resource share.
    • If the principals accept the sharing invitation, they can use the enterprise router.
      If the principals do not want to use the shared enterprise router, they can leave the resource share.
    • If the principals reject the sharing invitation, the enterprise router will not be shared.

  Reference:
  1. Owner: Creating a Sharing
  2. Principals: Responding to a Resource Sharing Invitation
     Principals: Leaving a Resource Share

Method 2: Adding an enterprise router to a resource share

  Description:
  1. The owner searches for the resource share on the RAM console.
  2. The owner adds the enterprise router to the resource share, for example, the resource share created in 1.
    1. Select the enterprise router that you want to share with the principals.
    2. Set the permissions of the principals on the enterprise router to be shared.
    3. Reuse the principals in the resource share or add new principals.
  3. On the RAM console, the principals accept or reject the resource share.
    • If the principals accept the sharing invitation, they can use the enterprise router.
      If the principals do not want to use the shared enterprise router, they can leave the resource share.
    • If the principals reject the sharing invitation, the enterprise router will not be shared.

  Reference:
  1. Owner: Viewing a Resource Share
  2. Owner: Updating a Resource Share
  3. Principals: Responding to a Resource Sharing Invitation
     Principals: Leaving a Resource Share

Creating Attachments to a Shared Enterprise Router

As the owner, you can share your enterprise router with the principals. These principals can create attachments for your enterprise router.
  • If Auto Accept Shared Attachments is not enabled on your enterprise router, you must accept the attachment creation requests from the principals.
    Figure 3 Accepting or rejecting attachment creation requests
    Table 4 Process description

    | No. | Step | Role | Description |
    |---|---|---|---|
    | 1 | Creating a Sharing | Owner | The owner creates a sharing to share an enterprise router with another user. This user can easily identify the shared enterprise router because its name is followed by Shared with me. |
    | 2 | Creating a VPC Attachment | Principal | Auto Accept Shared Attachments is disabled on the enterprise router. After the principal creates an attachment to the shared enterprise router, the attachment will be in the Pending acceptance status and wait to be accepted by the owner. |
    | 3 | | Owner | The owner accepts the attachment request. The attachment status changes from Pending acceptance to Creating. When the attachment status changes to Normal, the attachment is successfully created. When the attachment status changes to Failed, the attachment fails to be created. Contact customer service. After an attachment is created, you can perform Follow-up Procedure. The owner can also reject the attachment request. If the owner rejects the request, the attachment status changes from Pending acceptance to Rejected, and the attachment fails to be created. If this happens, contact the owner. |
  • If Auto Accept Shared Attachments is enabled on an enterprise router, the principals' requests to create attachments to this enterprise router will be automatically accepted without the approval from the owner.
    Figure 4 Attachment requests automatically accepted
    Table 5 Process description

    | No. | Step | Role | Description |
    |---|---|---|---|
    | 1 | Creating a Sharing | Owner | The owner creates a sharing to share an enterprise router with another user. This user can easily identify the shared enterprise router because its name is followed by Shared with me. |
    | 2 | Creating a VPC Attachment | Principal | Auto Accept Shared Attachments is enabled on the enterprise router. The principal creates an attachment to the shared enterprise router. The attachment will be in the Creating state. When the attachment status changes to Normal, the attachment is successfully created. When the attachment status changes to Failed, the attachment fails to be created. Contact customer service. |
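
The request flow in Tables 4 and 5, as an added example (not Huawei Cloud code and not tied to any Enterprise Router API): a small Python model of how a principal's attachment request is accepted, plus an owner-side review that flags an enabled Auto Accept Shared Attachments setting and attachments from accounts the owner did not expect. The class, function and attachment names are hypothetical; the account and router names follow Table 1.

```python
from dataclasses import dataclass, field

# Attachment states as named on the page.
PENDING, CREATING, REJECTED = "Pending acceptance", "Creating", "Rejected"

@dataclass
class SharedRouter:  # hypothetical model, not a cloud SDK type
    owner: str
    principals: set                 # accounts the router is shared with
    auto_accept: bool = False       # "Auto Accept Shared Attachments"
    attachments: dict = field(default_factory=dict)  # name -> [account, status]

    def request(self, account, name):
        """A principal asks to attach a VPC; returns the initial status."""
        if account not in self.principals:
            raise PermissionError(f"{account} is not a principal of this router")
        status = CREATING if self.auto_accept else PENDING
        self.attachments[name] = [account, status]
        return status

    def decide(self, actor, name, accept):
        """Only the owner may accept or reject a pending request."""
        if actor != self.owner:
            raise PermissionError("only the owner can accept or reject")
        entry = self.attachments[name]
        if entry[1] != PENDING:
            raise ValueError(f"{name} is not pending acceptance")
        entry[1] = CREATING if accept else REJECTED
        return entry[1]

def review(router, expected_accounts):
    """Owner-side check: list what needs a human look."""
    findings = []
    if router.principals and router.auto_accept:
        findings.append("auto-accept is on: principals attach without owner approval")
    for name, (account, status) in sorted(router.attachments.items()):
        if status == PENDING:
            findings.append(f"{name}: request from {account} awaiting owner decision")
        elif status != REJECTED and account not in expected_accounts:
            findings.append(f"{name}: attachment from unexpected account {account}")
    return findings

# Constructed sample: account A shares ER-A with B and C (names from Table 1).
er_a = SharedRouter(owner="A", principals={"B", "C"})
er_a.request("B", "att-VPC-B-01")
er_a.request("C", "att-VPC-C-01")
er_a.decide("A", "att-VPC-B-01", accept=True)
```

With auto-accept off, every cross-account attachment passes through an owner decision; with it on, the share's principal list is the only gate, so the review compares attachments against the accounts the owner expects.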
