Streamlining Cloud Operations: Alibaba Cloud Multi-Account Management

  • Overview of VPC sharing
  • Resource owner operations
  • Create cloud resources in a shared vSwitch as a principal
  • Use a resource directory to share a VPC with multiple Alibaba Cloud accounts

Overview of VPC Sharing

Introduction

Virtual Private Cloud (VPC) is a cloud computing environment that enables users to create a virtual network to manage their cloud resources. It provides a secure and isolated environment for the user's resources to operate. VPC sharing is a feature that allows users to share their VPC resources with other Alibaba Cloud accounts. It is useful for companies that have multiple accounts with different departments and want to share their resources. In this blog post, we will discuss in detail the operations of resource owners, how to create cloud resources in a shared vSwitch, and how to use a resource directory to share a VPC with multiple Alibaba Cloud accounts.

Resource Owner Operations

Resource owners have the responsibility of creating and managing cloud resources in a shared VPC. They can create and manage VPCs, vSwitches, and Elastic Compute Service (ECS) instances. Resource owners can also grant permissions to other accounts to access their resources. They can create a resource directory to manage the access control of their resources.

Resource owners can create a VPC and vSwitch by following these steps:

Step 1: Log in to the Alibaba Cloud console and navigate to the VPC console.

Step 2: Click on the "Create VPC" button and select the desired region.

Step 3: Enter the appropriate network information such as the CIDR block and VPC name.

Step 4: Click on the "Create vSwitch" button and select the VPC you just created.

Step 5: Enter the appropriate network information such as CIDR block and vSwitch name.

Step 6: Create a shared vSwitch within the VPC. Ensure that the "Share Type" is set to "Shared" to allow other accounts to use this vSwitch.

After creating a VPC and vSwitch, resource owners can create ECS instances in the vSwitch. They can also grant permissions to other accounts to access their resources.

Create Cloud Resources in a Shared vSwitch as a Principal

Creating cloud resources in a shared vSwitch is easy. The resource owner can create the resources and grant permissions to the principal to access them. Let's take a look at an example of how to create cloud resources in a shared vSwitch as a principal.

Step 1: Creating Cloud Resources

Launch an ECS instance:

  • Select the desired region, availability zone, and instance type.
  • Configure the network settings, selecting the shared vSwitch created by the resource owner.
  • Customize any additional settings according to your requirements.
  • Complete the instance creation process.

Configuring Security Groups:

  • Create a security group that defines the inbound and outbound traffic rules for your ECS instance.
  • Associate the security group with the ECS instance created in the previous step.

Setting Up a Server Load Balancer (SLB):

  • Navigate to the SLB console and create a new SLB instance.
  • Configure the network settings, associating the SLB with the shared vSwitch.
  • Customize the SLB settings, such as backend servers, listeners, and health checks, as per your needs.
  • Complete the SLB creation process.

Step 2: Testing and Verification

Access the ECS instance:

  • Obtain the public IP address or domain name associated with the ECS instance.
  • Use SSH or RDP to connect to the instance.

Test the connectivity:

  • Ping external servers from the ECS instance to verify the network connectivity.
  • Access websites or services hosted on the ECS instance to ensure proper functioning.
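
As an added example (not part of the original post), the following Python check ties the security group step to the SSH/RDP test above: it lists the inbound Accept rules that leave ports 22 and 3389 reachable and marks the ones open to any address. The rule field names are modelled on the ECS DescribeSecurityGroupAttribute response and the sample rules are constructed; the precedence model (lower Priority number wins, Drop wins a tie) and CIDR-only sources are assumptions.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample; keys modelled on ECS DescribeSecurityGroupAttribute output (assumption).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "Priority": 1,
     "IpProtocol": "TCP", "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "Priority": 1,
     "IpProtocol": "TCP", "PortRange": "3389/3389", "SourceCidrIp": "203.0.113.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "Priority": 10,
     "IpProtocol": "ALL", "PortRange": "-1/-1", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Drop", "Priority": 5,
     "IpProtocol": "TCP", "PortRange": "3389/3389", "SourceCidrIp": "0.0.0.0/0"},
]

def covers(rule, port):
    """True if the rule's protocol and port range include this TCP port."""
    if rule["IpProtocol"].upper() not in ("TCP", "ALL"):
        return False
    low, high = (int(p) for p in rule["PortRange"].split("/"))
    return low == -1 or low <= port <= high  # "-1/-1" means all ports

def net(rule):
    return ipaddress.ip_network(rule["SourceCidrIp"], strict=False)

def masked_by_drop(accept, port, rules):
    """Assumed evaluation order: lower Priority number wins, Drop wins a tie."""
    a = net(accept)
    return any(
        r["Direction"] == "ingress" and r["Policy"].lower() == "drop"
        and r["Priority"] <= accept["Priority"] and covers(r, port)
        and net(r).version == a.version and a.subnet_of(net(r))
        for r in rules)

def audit_admin_ports(rules):
    """Return (service, source, priority, exposure) for each reachable admin port."""
    findings = []
    for r in rules:
        if r["Direction"] != "ingress" or r["Policy"].lower() != "accept":
            continue
        for port, service in ADMIN_PORTS.items():
            if covers(r, port) and not masked_by_drop(r, port, rules):
                exposure = "internet" if net(r).prefixlen == 0 else "restricted"
                findings.append((service, r["SourceCidrIp"], r["Priority"], exposure))
    return findings

if __name__ == "__main__":
    print(*audit_admin_ports(SAMPLE_RULES), sep="\n")
```

In the sample, the priority 5 Drop rule hides RDP from the catch-all priority 10 rule but not from the priority 1 rule, and SSH stays open to any address through two separate rules.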

Use a Resource Directory to Share a VPC with Multiple Alibaba Cloud Accounts

A resource directory is a feature that allows the resource owner to manage the access control of their resources. It enables the resource owner to grant permissions to other accounts to access their resources. The resource owner can create a resource directory and add the accounts that they want to share their resources with.

Let's take a look at an example of how to use a resource directory to share a VPC with multiple Alibaba Cloud accounts.

Step 1: Log in to the Alibaba Cloud console as a resource owner.

Step 2: Click on the "Resource Directory" button and select the desired region.

Step 3: Click on the "Create Resource Directory" button and enter the appropriate information such as name and description.

Step 4: After creating the resource directory, the resource owner can add the accounts that they want to share their resources with.

Step 5: The added accounts will receive an invitation email to accept the invitation. After accepting the invitation, they can access the shared resources.

Conclusion

VPC sharing is a useful feature for companies that have multiple accounts with different departments and want to share their resources. Resource owners have the responsibility of creating and managing cloud resources in a shared VPC. They can create and manage VPCs, vSwitches, and ECS instances. Resource owners can create a resource directory to manage the access control of their resources. Alibaba Cloud provides an easy-to-use console for creating and managing VPCs and vSwitches.