Updated on 2024-10-21 GMT+08:00

How Do I Use VPC Sharing to Process GaussDB(DWS) Resources?

Context

The VPC Sharing feature enables multiple accounts to create cloud resources such as GaussDB(DWS) clusters, ELBs, and ECSs within a shared VPC that is centrally managed. The VPC owner can share subnets within the VPC with other accounts. Through VPC sharing, you can easily configure and manage multiple accounts' resources at low costs. For more information, see VPC Sharing.

Constraints and Limitations

  • The subnets of the owner and those of the principals are in the same VPC, so resources in these subnets can communicate with each other by default. Both the owner and the principals can create resources in a shared subnet. Resources that are associated with different security groups are isolated from each other. To let such resources communicate with each other, add security group rules. For details, see Adding a Security Group Rule.

    For instance, to enable mutual access between the GaussDB(DWS) security groups of accounts A and B, inbound rules should be added to both groups, specifying the other's security group as the source.

  • A principal can receive a maximum of 100 subnet shares.
  • A subnet can be shared with a maximum of 100 principals.
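
The mutual-access requirement above can be checked offline before testing connectivity. The following is an added example, not code from the product documentation: it inspects the inbound rules of both security groups and reports which side still lacks a rule whose source is the other group. The group IDs, the port, and the rule field names (modelled on the common Neutron-style rule schema) are assumptions, and the rule data is constructed.

```python
# Constructed sample data. Field names (direction, protocol, port_range_min,
# port_range_max, remote_group_id) are assumed, Neutron-style rule fields.
SG_A = "sg-account-a-dws"   # hypothetical security group ID, account A
SG_B = "sg-account-b-dws"   # hypothetical security group ID, account B
DB_PORT = 8000              # constructed sample port for the database listener

RULES = {
    SG_A: [
        {"direction": "ingress", "protocol": "tcp", "port_range_min": 8000,
         "port_range_max": 8000, "remote_group_id": SG_B},
    ],
    SG_B: [
        # Outbound rule only: says nothing about traffic arriving from A.
        {"direction": "egress", "protocol": None, "port_range_min": None,
         "port_range_max": None, "remote_group_id": None},
        # Inbound from A, but the port range does not cover DB_PORT.
        {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
         "port_range_max": 22, "remote_group_id": SG_A},
    ],
}


def allows_from_group(rules, source_group, port):
    """True if any inbound rule admits TCP `port` with `source_group` as source."""
    for r in rules:
        if r["direction"] != "ingress" or r["remote_group_id"] != source_group:
            continue
        if r["protocol"] not in (None, "tcp"):   # None means any protocol
            continue
        lo, hi = r["port_range_min"], r["port_range_max"]
        if lo is None or lo <= port <= hi:       # no range means all ports
            return True
    return False


def missing_mutual_rules(rules_by_group, group_a, group_b, port):
    """Return (destination, source) pairs that still need an inbound rule."""
    missing = []
    for dst, src in ((group_a, group_b), (group_b, group_a)):
        if not allows_from_group(rules_by_group.get(dst, []), src, port):
            missing.append((dst, src))
    return missing


if __name__ == "__main__":
    for dst, src in missing_mutual_rules(RULES, SG_A, SG_B, DB_PORT):
        print(f"{dst}: add inbound TCP {DB_PORT} with source group {src}")
```

With the constructed data, only account B's group is reported, because its single inbound rule from A covers a different port.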

Operation Permissions of the Owner and Principals in a Shared VPC

The owner and principals of a shared subnet have different operation permissions on the subnet and associated resources. For details, see Table 1.

Table 1 Operation permissions of the owner and principals in a shared VPC

Role: Owner

  When a Share Is Accepted

    • The owner cannot modify or delete resources created by principals, such as GaussDB(DWS) clusters, ECSs, and ELBs.
    • The owner can view information such as the IP address and ID of the resource created by principals on the IP Addresses tab of the shared subnet.

  When a Share Is Stopped

    • The owner can use, delete, and manage all resources in the VPC.
    • If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the share is stopped.

  When the Principals Leave a Share

    • The owner can use, delete, and manage all resources in the VPC.
    • If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the principals leave the share.

Role: Principal

  When a Share Is Accepted

    • Principals can create resources, such as ECSs, load balancers, and RDS instances, in the shared VPC.
    • Principals can view information such as the IP address and ID of the resource created by themselves on the IP Addresses tab of the shared subnet.

  When a Share Is Stopped

    • Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.

  When the Principals Leave a Share

    • Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.

Using GaussDB(DWS) Resources in a Shared VPC

  1. You can create a subnet share on the RAM or VPC console. For details, see Table 2.
  2. After the share is created, you can select shared VPC resources on the Configure Network > VPC page when creating a GaussDB(DWS) cluster.

Table 2 Process for sharing a subnet

Method A

  Description

    1. On the RAM console, the owner creates a resource share.
      1. Select a subnet to be shared.
      2. Select permissions to grant to principals on the shared subnet.
      3. Specify principals that can use the shared subnet.
    2. On the RAM console, principals accept or reject the resource share.
      • If principals accept the resource share, they can use the shared subnet.

        If principals do not want to use the shared subnet, they can leave the resource share.

      • If principals reject the resource share, they cannot use the subnet.

  Operation

    1. Creating a Share
    2. Responding to a Resource Sharing Invitation

      Leaving a Resource Share

Method B

  Description

    1. On the RAM console, the owner creates a resource share.
      1. Select a subnet to be shared.
      2. Select permissions to grant to principals on the shared subnet.
      3. Specify principals that can use the shared subnet.
    2. On the VPC console, the owner shares a subnet and adds it to the resource share created in step 1.
    3. On the RAM console, principals accept or reject the resource share.
      • If principals accept the resource share, they can use the shared subnet.

        If principals do not want to use the shared subnet, they can leave the resource share.

      • If principals reject the resource share, they cannot use the subnet.

  Operation

    1. Creating a Share
    2. Sharing a Subnet with Other Accounts
    3. Responding to a Resource Sharing Invitation

      Leaving a Resource Share