Help Center/ GaussDB(DWS)/ FAQs/ Product Consulting/ How Do I Use VPC Sharing to Process GaussDB(DWS) Resources?
Updated on 2025-07-22 GMT+08:00

How Do I Use VPC Sharing to Process GaussDB(DWS) Resources?

Context

With VPC sharing, multiple accounts can create cloud resources such as GaussDB(DWS) clusters, ELBs, and ECSs within a single, centrally managed VPC. It empowers the VPC owner to distribute access to subnets within the VPC across various accounts. Through VPC sharing, you can easily configure and manage multiple accounts' resources at low costs. For more information, see VPC Sharing.

Constraints and Limitations

  • The subnets of the owner and those of the principals are in the same VPC, so resources in these subnets can communicate with each other by default. The owner and principals can create resources in a shared subnet. If the resources are associated with different security groups, they are isolated from each other. If you want the resources to communicate with each other, you need to add security group rules. For details, see Adding a Security Group Rule.

    For example, to allow mutual access between accounts A and B's GaussDB(DWS) security groups, add inbound rules to each group with the other group specified as the source.

  • A principal can receive a maximum of 100 subnet shares.
  • A subnet can be shared with a maximum of 100 principals.

Operation Permissions of the Owner and Principles in a Shared VPC

The owner and principals of a shared subnet have different operation permissions on the subnet and associated resources. For details, see Table 1.

Table 1 Operation Permissions of the owner and principles in a shared VPC

Role

When a Share Is Accepted

When a Share Is Stopped

When the Principals Leave a Share

Owner

  • The owner cannot modify or delete resources created by principals, such as GaussDB(DWS) clusters, ECSs, and ELBs.
  • The owner can view information such as the IP address and ID of the resource created by principals on the IP Addresses tab of the shared subnet.
  • The owner can use, delete, and manage all resources in the VPC.
  • If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the share is stopped.
  • The owner can use, delete, and manage all resources in the VPC.
  • If principals have resources in the subnet, the owner cannot delete the shared subnet or the VPC where the shared subnet belongs after the principals leave the share.

Principal

  • Principals can create resources, such as ECSs, load balancers, and RDS instances, in the shared VPC.
  • Principals can view information such as the IP address and ID of the resource created by themselves on the IP Addresses tab of the shared subnet.

Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.

Principals can use the existing resources created by themselves, but cannot create resources in the shared subnet.

Using GaussDB(DWS) Resources in a Shared VPC

  1. Share a subnet on the RAM console or VPC console. For details, see Table 2.
  2. When creating a GaussDB(DWS) cluster, select shared VPC resources on the Configure Network > VPC page after the share is created.
Table 2 Process for sharing a subnet

Method

Description

Operation

Method A

  1. On the RAM console, the owner creates a resource share.
    1. Select a subnet to be shared.
    2. Select permissions to grant to principals on the shared subnet.
    3. Specify principals that can use the shared subnet.
  2. On the RAM console, principals accept or reject the resource share.
    • If principals accept the resource share, they can use the shared subnet.

      If principals do not want to use the shared subnet, they can leave the resource share.

    • If principals reject the resource share, they cannot use the subnet.
  1. "Creating a Share"
  2. Responding to a Resource Sharing Invitation

    Leaving a Resource Share

Method B

  1. On the RAM console, the owner creates a resource share.
    1. Select a subnet to be shared.
    2. Select permissions to grant to principals on the shared subnet.
    3. Specify principals that can use the shared subnet.
  2. On the VPC console, the owner shares a subnet and adds it to the resource share created in 1.
  3. On the RAM console, principals accept or reject the resource share.
    • If principals accept the resource share, they can use the shared subnet.

      If principals do not want to use the shared subnet, they can leave the resource share.

    • If principals reject the resource share, they cannot use the subnet.
  1. "Creating a Share"
  2. Sharing a Subnet with Other Accounts
  3. Responding to a Resource Sharing Invitation

    Leaving a Resource Share