DocsICP FilingConsole
官方文档
首页

Cross-account ECR authorization

更新时间:
复制 MD 格式
产品详情
我的收藏

To add a Virtual Private Cloud (VPC) instance or a Virtual Border Router (VBR) instance from Alibaba Cloud account B to an Express Connect Router (ECR) instance in Alibaba Cloud account A, you must authorize the ECR instance in Account A from the VPC or VBR instance in Account B.

Example scenario

An enterprise has a Virtual Private Cloud (VPC) instance or Virtual Border Router (VBR) instance created under Alibaba Cloud account B in the China (Hangzhou) region. The enterprise also has an Express Connect Router (ECR) instance created under Alibaba Cloud account A. The goal is to connect the VPC or VBR instance from Account B to the ECR instance in Account A.

Limits

For security and compliance reasons, connecting a VBR instance and an ECR instance that belong to different Alibaba Cloud accounts is disabled by default. If your ECR instance needs to connect to a VBR instance across accounts, you must provide documentation proving the accounts belong to the same entity. Contact your customer manager with the documentation to enable this feature.

The following is an example of the required documentation:

Cross-account VPC authorization

You must authorize the ECR instance in Alibaba Cloud account A from the VPC instance in Alibaba Cloud account B. After authorization, the VPC instance in Account B can be associated with the ECR instance in Account A.

  1. Log on to the VPC console with Alibaba Cloud account B.

  2. In the top navigation bar, select the region where the VPC is deployed.

  3. On the VPC page, find the target VPC and click its ID.

  4. On the VPC details page, click the Cross-account Authorization tab, and then click Express Connect Router (ECR).

  5. On the Express Connect Router (ECR) tab, click Cross-account Authorization on ECR .

  6. In the ECR Account Authorization dialog box, configure the following parameters and click OK.

    Parameter

    Description

    Peer Account UID

    Enter the account ID of Alibaba Cloud account A, which owns the target ECR instance.

    Peer ECR ID

    Enter the ID of the target ECR instance.

  7. On the Express Connect Router (ECR) tab, you can view the Peer Account UID , Peer ECR ID , and Authorized At for each successful authorization. To revoke an authorization:

    1. Find the target Peer Account UID and click Revoke Authorization in the Actions column.

    2. In the message that appears, click OK.

Cross-account VBR authorization

You must authorize the ECR instance in Alibaba Cloud account A from the VBR instance in Alibaba Cloud account B. After authorization, the VBR instance in Account B can be associated with the ECR instance in Account A.

  1. Log on to the Express Connect console with Alibaba Cloud account B.

  2. In the top navigation bar, select the target region. In the left-side navigation pane, click Virtual Border Routers (VBRs).

  3. On the Virtual Border Router (VBR) page, click the ID of the target VBR instance.

  4. On the ECR Authorization tab, click ECR Account Authorization.

  5. In the ECR Account Authorization dialog box, configure the following parameters and click OK.

    Parameter

    Description

    Peer Account UID

    Enter the account ID of Alibaba Cloud account A, which owns the target ECR instance.

    Peer ECR ID

    Enter the ID of the target ECR instance.

  6. On the ECR Authorization tab, you can view the Peer ECR ID , Peer Account UID , and Created At for each successful authorization. To revoke an authorization:

    1. Find the target Peer Account UID and click Delete in the Actions column.

    2. In the message that appears, click OK.

Related documentation

Create and manage Express Connect Router instances

Previous:Manage the service-linked roleNext:Route policies