Help Center/ GaussDB(DWS)/ FAQs/ Product Consulting/ How Do I Use VPC Sharing to Process GaussDB(DWS) Resources?

Updated on 2024-10-21 GMT+08:00

View PDF

How Do I Use VPC Sharing to Process GaussDB(DWS) Resources?

Context

The VPC Sharing feature enables multiple accounts to create cloud resources like GaussDB(DWS) clusters, ELBs, and ECSs within a shared VPC that is centrally managed. It empowers the VPC owner to distribute access to subnets within the VPC across various accounts. Through VPC sharing, you can easily configure and manage multiple accounts' resources at low costs. For more information, see VPC Sharing .

Constraints and Limitations

The subnets of the owner and those of the principals are in the same VPC, so resources in these subnets can communicate with each other by default. The owner and principals can create resources in a shared subnet. If the resources are associated with different security groups, they are isolated from each other. If you want the resources to communicate with each other, you need to add security group rules. For details, see Adding a Security Group Rule.
For instance, to enable mutual access between the GaussDB(DWS) security groups of accounts A and B, inbound rules should be added to both groups, specifying the other's security group as the source.
A principal can receive a maximum of 100 subnet shares.
A subnet can be shared with a maximum of 100 principals.

Operation Permissions of the Owner and Principles in a Shared VPC

The owner and principals of a shared subnet have different operation permissions on the subnet and associated resources. For details, see Table 1.

**Table 1** Operation Permissions of the owner and principles in a shared VPC
Role	When a Share Is Accepted	When a Share Is Stopped	When the Principals Leave a Share
Owner	The owner cannot modify or delete resources created by principals, such as GaussDB(DWS) clusters, ECSs, and ELBs. The owner can view information such as the IP address and ID of the resource created by principals on the IP Addresses tab of the shared subnet.	The owner can use, delete, and manage all resources in the VPC. If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the share is stopped.	The owner can use, delete, and manage all resources in the VPC. If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the principals leave the share.
Principal	Principals can create resources, such as ECSs, load balancers, and RDS instances, in the shared VPC. Principals can view information such as the IP address and ID of the resource created by themselves on the IP Addresses tab of the shared subnet.	Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.	Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.

Using GaussDB(DWS) Resources in a Shared VPC

You can create a subnet share on the RAM or VPC console. For details, see Table 2.
After the share is created, you can select shared VPC resources in the Configure Network > VPC page when creating a GaussDB(DWS) cluster.

**Table 2** Process for sharing a subnet
Method	Description	Operation
Method A	On the RAM console, the owner creates a resource share. Select a subnet to be shared. Select permissions to grant to principals on the shared subnet. Specify principals that can use the shared subnet. On the RAM console, principals accept or reject the resource share. If principals accept the resource share, they can use the shared subnet. If principals do not want to use the shared subnet, they can leave the resource share. If principals reject the resource share, they cannot use the subnet.	Creating a Share Responding to a Resource Sharing Invitation Leaving a Resource Share
Method B	On the RAM console, the owner creates a resource share. Select a subnet to be shared. Select permissions to grant to principals on the shared subnet. Specify principals that can use the shared subnet. On the VPC console, the owner shares a subnet and adds it to the resource share created in 1. On the RAM console, principals accept or reject the resource share. If principals accept the resource share, they can use the shared subnet. If principals do not want to use the shared subnet, they can leave the resource share. If principals reject the resource share, they cannot use the subnet.	Creating a Share Sharing a Subnet with Other Accounts Responding to a Resource Sharing Invitation Leaving a Resource Share

Parent topic: Product Consulting

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot