Sharing Overview

What Is Sharing?

You can share an enterprise router in your account with other accounts.

You are the owner of the enterprise router.
Other accounts are the users of the enterprise router.

After you share your enterprise router with other accounts, these other users can attach their network instances to your enterprise router, so that their network instances can access your enterprise router.

After the owner shares the enterprise router in region A with other accounts, the recipients can only use the enterprise router in region A.

You can share an enterprise router in your account with other accounts so that these other accounts can attach their VPCs to your enterprise router.

This example uses account A, account B, and account C to describe how you can build a network using one enterprise router. Table 1 describes the resources of each account.

If account A shares enterprise router (ER-A) with account B and account C, the VPCs of accounts B and C can be attached to ER-A. Figure 1 shows the networking.

**Table 1** Accounts and their resources
Account	Enterprise Router	VPC
A	ER-A	VPC-A-01 VPC-A-02
B	ER-B	VPC-B-01
C	ER-C	VPC-C-01

Figure 1 Attaching VPCs in different accounts to the same enterprise router

Allowed Operations by the Owner and Other Users

The owner can perform all operations but these other users can perform only some of the operations. Table 2 lists the operations that other users can perform.

**Table 2** Allowed operations by other users
Role	Allowed Operation	Description
Other users (user accounts)	Viewing an Enterprise Router	Other users can view: The name of the shared enterprise router followed by Shared with me.
	Adding attachments to an enterprise router Creating a VPC Attachment	Other users: Can only create VPC attachments. Can create attachments to the shared enterprise router only after the owner account accepts the attachment requests. If Auto Accept Shared Attachments is enabled, a request from a user for creating an attachment will be automatically accepted. Cannot add tags to their created attachments to the shared enterprise router. For details about the process for creating an attachment for an enterprise router in another account, see Sharing an Enterprise Router with Other Users.
	Viewing an Attachment	Other users: Cannot view the tags added of their attachments.
	Changing the Name of an Attachment	Other users can change the names of their attachments created for the shared enterprise router.
	Deleting a VPC Attachment	Other users can delete their attachments created for the shared enterprise router without the approval of the owner account.

Other users cannot view the Route tables, Sharing, Flow logs, and Tags tabs of the enterprise router.

Sharing an Enterprise Router with Other Users

As the owner, you can share your enterprise router with other users. These other users can create attachments for your enterprise router.

If Auto Accept Shared Attachments is not enabled on your enterprise router, you must accept the attachment creation requests from other users.

Figure 2 Accepting or rejecting attachment creation requests

**Table 3** Process description
No.	Step	Role	Description
1	Creating a Sharing	Owner	The owner creates a sharing to share an enterprise router with another user. This user can easily identify the shared enterprise router because its name is followed by Shared with me.
2	Creating a VPC Attachment	User	The user creates an attachment to the shared enterprise router. The attachment will be in the Pending acceptance state because Auto Accept Shared Attachments is disabled on the enterprise router.
3	Accepting an Attachment Request Rejecting an Attachment Request	Owner	The owner accepts the attachment request. The attachment status changes from Pending acceptance to Creating. When the attachment status changes to Normal, the attachment is successfully created. When the attachment status changes to Failed, the attachment fails to be created. Contact customer service. After an attachment is created, you can perform Follow-up Procedure. The owner can also reject the attachment request. If the owner rejects the request, the attachment status changes from Pending acceptance to Rejected, and the attachment fails to be created. If this happens, contact the owner.

If Auto Accept Shared Attachments is enabled on an enterprise router, the other users' requests to create attachments to this enterprise router will be automatically accepted without the approval from the owner.

Figure 3 Attachment requests automatically accepted

**Table 4** Process description
No.	Step	Role	Description
1	Creating a Sharing	Owner	The owner creates a sharing to share an enterprise router with another user. This user can easily identify the shared enterprise router because its name is followed by Shared with me.
2	Creating a VPC Attachment	User account	Auto Accept Shared Attachments is enabled on the enterprise router. The user creates an attachment to the shared enterprise router. The attachment will be in the Creating state. When the attachment status changes to Normal, the attachment is successfully created. When the attachment status changes to Failed, the attachment fails to be created. Contact customer service.