Sharable Resources

Virtual Private Cloud (VPC)

vpc:subnet

Supported

VPC sharing allows multiple accounts to create and manage cloud resources, such as ECSs, load balancers, and RDS instances, in one VPC. The owner of a VPC can share subnets in the VPC with one or more accounts. This way, you can centrally manage resources across multiple accounts, improving the resource management efficiency and reducing O&M costs.

For more information, see VPC Sharing Overview.

Domain Name Service (DNS)

dns:zone

Supported

Working with RAM, DNS allows you to share private zones across accounts if you are the owner of these private zones. When a resource owner shares private zones with you and you accept the resource sharing invitation, you can access and use the private zones.

For more information, see Sharing a Private Zone.

dns:resolverRule

Supported

Working with RAM, DNS allows you to share endpoint rules across accounts if you are the owner of these endpoint rules. When a resource owner shares endpoint rules with you and you accept the resource sharing invitation, you can access and use the endpoint rules.

For more information, see Sharing an Endpoint Rule.

SSL Certificate Manager (SCM)

scm:cert

Supported

SCM allows you to share an SSL certificate with all member accounts in the same organizational unit. These member accounts can then deploy the shared certificate on services such as ELB, WAF, and CDN to enable HTTPS.

For more information, see Certificate Sharing Overview.

Private Certificate Authority (PCA)

pca:ca

Supported

PCA allows you to share a private CA with all member accounts in the same organizational unit. These member accounts can then use the shared CA to issue certificates.

For more information, see Private CA Sharing Overview.

Enterprise Router

er:instances

Supported

Working with RAM, Enterprise Router allows you to share enterprise routers in one account with other accounts so that these accounts can attach their network instances to your enterprise router for network connectivity. With resource sharing, you can connect VPCs of different accounts to the same enterprise router for same-region networking on the cloud.

For more information, see Sharing Overview.

FunctionGraph

functiongraph:function

Supported

Working with RAM, FunctionGraph allows you to share functions across accounts if you are the owner of these functions. When a resource owner shares functions with you and you accept the sharing invitation, you can access and use the functions.

For more information, see Function Sharing Overview.

Application Native Cloud (ANC)

anc:service

Supported

Working with RAM, you can share ANC resources in one account with other accounts. The shared ANC resources can then be accessed by clients in VPCs of different accounts. This way, you can manage resources across multiple accounts more easily and efficiently.

anc:anc

Supported

Working with RAM, you can share ANC resources in one account with other accounts. The shared ANC resources can then be accessed by clients in VPCs of different accounts, making it possible to centrally manage resources across multiple accounts.

NAT Gateway

nat:transitSubnet

Supported

Working with RAM, NAT Gateway transit subnet owners can share their transit subnets with other accounts at the same time. Once accepting the sharing invitations, the accounts (principals) can create transit IP addresses in the subnets to connect VPCs across accounts.

Data Encryption Workshop (DEW)

kms:KeyId

Supported

To share your KMS resources with other accounts, you need to first create a resource share. During the creation, you need to specify the resources to share, associate permissions with each resource type, specify the principals to grant access, and confirm the configuration details.

You can use shared KMS to encrypt the secrets and key pairs in DEW, and create an encryption task for instances in Relational Database Service (RDS), Document Database Service (DDS), and Object Storage Service (OBS).

For more information, see Sharing Overview.