- Release Notes and Announcements
- Tencent Cloud Network Overview
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Network Topology
- Virtual Private Cloud (VPC)
- Subnets
- Route Tables
- IPs and ENIs
- Bandwidth Package
- Network Connection
- Security Management
- Diagnostic Tools
- Alarming and Monitoring
- Sharing VPC Subnet Resource
- Best Practices
- View the Total Bandwidth for Single-Region Traffic-Based Billing
- Migrating from the Classic Network to VPC
- Best Practices of Security Group Change
- Configuring CVM Instance as Public Gateway
- Building HA Primary/Secondary Cluster with HAVIP + Keepalived
- Creating a High-availability Database by Using HAVIP + Windows Server Failover Cluster
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Hybrid Cloud Primary/Secondary Communication (CCN and VPN)
- CVM Access to Internet Through EIP
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- VPC APIs
- DeleteTrafficPackages
- DescribeUsedIpAddress
- DescribeAccountAttributes
- CreateDefaultVpc
- CreateVpc
- ModifyVpcAttribute
- DescribeVpcs
- DescribeVpcPrivateIpAddresses
- DescribeVpcInstances
- DeleteVpc
- AttachClassicLinkVpc
- DescribeClassicLinkInstances
- DetachClassicLinkVpc
- AssignIpv6CidrBlock
- DescribeVpcIpv6Addresses
- UnassignIpv6CidrBlock
- CreateAssistantCidr
- ModifyAssistantCidr
- DescribeAssistantCidr
- CheckAssistantCidr
- DeleteAssistantCidr
- DescribeVpcResourceDashboard
- ModifyLocalGateway
- DescribeLocalGateway
- DeleteLocalGateway
- CreateLocalGateway
- AdjustPublicAddress
- DescribeTrafficPackages
- Subnet APIs
- Route Table APIs
- EIP APIs
- Highly Available Virtual IP APIs
- ENI APIs
- AssignPrivateIpAddresses
- UnassignPrivateIpAddresses
- ModifyNetworkInterfaceAttribute
- DetachNetworkInterface
- DescribeNetworkInterfaces
- CreateNetworkInterface
- AttachNetworkInterface
- MigratePrivateIpAddress
- MigrateNetworkInterface
- DeleteNetworkInterface
- ModifyPrivateIpAddressesAttribute
- UnassignIpv6Addresses
- ModifyIpv6AddressesAttribute
- AssignIpv6Addresses
- DescribeNetworkInterfaceLimit
- DisassociateNetworkInterfaceSecurityGroups
- AssociateNetworkInterfaceSecurityGroups
- CreateAndAttachNetworkInterface
- IP Location APIs
- Bandwidth Package APIs
- NAT Gateway APIs
- DescribeNatGateways
- ResetNatGatewayConnection
- ModifyNatGatewayDestinationIpPortTranslationNatRule
- ModifyNatGatewayAttribute
- DisassociateNatGatewayAddress
- DescribeNatGatewayDestinationIpPortTranslationNatRules
- DeleteNatGatewayDestinationIpPortTranslationNatRule
- DeleteNatGateway
- CreateNatGatewayDestinationIpPortTranslationNatRule
- CreateNatGateway
- AssociateNatGatewayAddress
- ModifyNatGatewaySourceIpTranslationNatRule
- DescribeNatGatewaySourceIpTranslationNatRules
- DeleteNatGatewaySourceIpTranslationNatRule
- CreateNatGatewaySourceIpTranslationNatRule
- RefreshDirectConnectGatewayRouteToNatGateway
- DescribeNatGatewayDirectConnectGatewayRoute
- VPN Gateway APIs
- GenerateVpnConnectionDefaultHealthCheckIp
- ResetVpnGatewayInternetMaxBandwidth
- ResetVpnConnection
- RenewVpnGateway
- ModifyVpnGatewayAttribute
- ModifyVpnConnectionAttribute
- ModifyCustomerGatewayAttribute
- InquiryPriceResetVpnGatewayInternetMaxBandwidth
- InquiryPriceRenewVpnGateway
- InquiryPriceCreateVpnGateway
- DownloadCustomerGatewayConfiguration
- DescribeVpnGateways
- DescribeVpnConnections
- DescribeCustomerGateways
- DescribeCustomerGatewayVendors
- DeleteVpnGateway
- DeleteVpnConnection
- DeleteCustomerGateway
- CreateVpnGateway
- CreateVpnConnection
- CreateCustomerGateway
- ModifyVpnGatewayCcnRoutes
- DescribeVpnGatewayCcnRoutes
- ModifyVpnGatewayRoutes
- DescribeVpnGatewayRoutes
- DeleteVpnGatewayRoutes
- CreateVpnGatewayRoutes
- SetVpnGatewaysRenewFlag
- Direct Connect Gateway APIs
- ReplaceDirectConnectGatewayCcnRoutes
- DescribeDirectConnectGatewayCcnRoutes
- DeleteDirectConnectGatewayCcnRoutes
- CreateDirectConnectGatewayCcnRoutes
- CreateDirectConnectGateway
- ModifyDirectConnectGatewayAttribute
- DescribeDirectConnectGateways
- DeleteDirectConnectGateway
- DisassociateDirectConnectGatewayNatGateway
- AssociateDirectConnectGatewayNatGateway
- InquirePriceCreateDirectConnectGateway
- Cloud Connect Network APIs
- SetCcnRegionBandwidthLimits
- ModifyCcnAttribute
- EnableCcnRoutes
- DisableCcnRoutes
- DetachCcnInstances
- DescribeCcns
- DescribeCcnRoutes
- DescribeCcnRegionBandwidthLimits
- DescribeCcnAttachedInstances
- DeleteCcn
- CreateCcn
- AttachCcnInstances
- ResetAttachCcnInstances
- RejectAttachCcnInstances
- AcceptAttachCcnInstances
- ModifyCcnRegionBandwidthLimitsType
- GetCcnRegionBandwidthLimits
- DescribeCrossBorderCompliance
- AuditCrossBorderCompliance
- ModifyCcnAttachedInstancesAttribute
- Security Group APIs
- ReplaceSecurityGroupPolicies
- DeleteSecurityGroup
- DescribeSecurityGroupPolicies
- ModifySecurityGroupAttribute
- CreateSecurityGroup
- CreateSecurityGroupPolicies
- DescribeSecurityGroups
- DeleteSecurityGroupPolicies
- ModifySecurityGroupPolicies
- ReplaceSecurityGroupPolicy
- DescribeSecurityGroupAssociationStatistics
- DescribeSecurityGroupReferences
- CreateSecurityGroupWithPolicies
- CloneSecurityGroup
- Network ACL APIs
- Network Parameter Template-Related APIs
- CreateAddressTemplate
- CreateAddressTemplateGroup
- CreateServiceTemplate
- CreateServiceTemplateGroup
- DeleteAddressTemplate
- DeleteAddressTemplateGroup
- DeleteServiceTemplate
- DeleteServiceTemplateGroup
- DescribeAddressTemplateGroups
- DescribeAddressTemplates
- DescribeServiceTemplateGroups
- DescribeServiceTemplates
- ModifyAddressTemplateAttribute
- ModifyAddressTemplateGroupAttribute
- ModifyServiceTemplateAttribute
- ModifyServiceTemplateGroupAttribute
- Network Detection-Related APIs
- Flow Log APIs
- Gateway Traffic Monitor APIs
- Private Link APIs
- CreateVpcEndPointService
- DescribeVpcEndPointService
- ModifyVpcEndPointServiceAttribute
- DeleteVpcEndPointService
- CreateVpcEndPointServiceWhiteList
- DescribeVpcEndPointServiceWhiteList
- ModifyVpcEndPointServiceWhiteList
- EnableVpcEndPointConnect
- DeleteVpcEndPointServiceWhiteList
- DescribeVpcEndPoint
- CreateVpcEndPoint
- ModifyVpcEndPointAttribute
- DeleteVpcEndPoint
- DisassociateVpcEndPointSecurityGroups
- Snapshot Policy APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- Glossary
- Release Notes and Announcements
- Tencent Cloud Network Overview
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Network Topology
- Virtual Private Cloud (VPC)
- Subnets
- Route Tables
- IPs and ENIs
- Bandwidth Package
- Network Connection
- Security Management
- Diagnostic Tools
- Alarming and Monitoring
- Sharing VPC Subnet Resource
- Best Practices
- View the Total Bandwidth for Single-Region Traffic-Based Billing
- Migrating from the Classic Network to VPC
- Best Practices of Security Group Change
- Configuring CVM Instance as Public Gateway
- Building HA Primary/Secondary Cluster with HAVIP + Keepalived
- Creating a High-availability Database by Using HAVIP + Windows Server Failover Cluster
- Hybrid Cloud Primary/Secondary Communication (DC and VPN)
- Hybrid Cloud Primary/Secondary Communication (CCN and VPN)
- CVM Access to Internet Through EIP
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- VPC APIs
- DeleteTrafficPackages
- DescribeUsedIpAddress
- DescribeAccountAttributes
- CreateDefaultVpc
- CreateVpc
- ModifyVpcAttribute
- DescribeVpcs
- DescribeVpcPrivateIpAddresses
- DescribeVpcInstances
- DeleteVpc
- AttachClassicLinkVpc
- DescribeClassicLinkInstances
- DetachClassicLinkVpc
- AssignIpv6CidrBlock
- DescribeVpcIpv6Addresses
- UnassignIpv6CidrBlock
- CreateAssistantCidr
- ModifyAssistantCidr
- DescribeAssistantCidr
- CheckAssistantCidr
- DeleteAssistantCidr
- DescribeVpcResourceDashboard
- ModifyLocalGateway
- DescribeLocalGateway
- DeleteLocalGateway
- CreateLocalGateway
- AdjustPublicAddress
- DescribeTrafficPackages
- Subnet APIs
- Route Table APIs
- EIP APIs
- Highly Available Virtual IP APIs
- ENI APIs
- AssignPrivateIpAddresses
- UnassignPrivateIpAddresses
- ModifyNetworkInterfaceAttribute
- DetachNetworkInterface
- DescribeNetworkInterfaces
- CreateNetworkInterface
- AttachNetworkInterface
- MigratePrivateIpAddress
- MigrateNetworkInterface
- DeleteNetworkInterface
- ModifyPrivateIpAddressesAttribute
- UnassignIpv6Addresses
- ModifyIpv6AddressesAttribute
- AssignIpv6Addresses
- DescribeNetworkInterfaceLimit
- DisassociateNetworkInterfaceSecurityGroups
- AssociateNetworkInterfaceSecurityGroups
- CreateAndAttachNetworkInterface
- IP Location APIs
- Bandwidth Package APIs
- NAT Gateway APIs
- DescribeNatGateways
- ResetNatGatewayConnection
- ModifyNatGatewayDestinationIpPortTranslationNatRule
- ModifyNatGatewayAttribute
- DisassociateNatGatewayAddress
- DescribeNatGatewayDestinationIpPortTranslationNatRules
- DeleteNatGatewayDestinationIpPortTranslationNatRule
- DeleteNatGateway
- CreateNatGatewayDestinationIpPortTranslationNatRule
- CreateNatGateway
- AssociateNatGatewayAddress
- ModifyNatGatewaySourceIpTranslationNatRule
- DescribeNatGatewaySourceIpTranslationNatRules
- DeleteNatGatewaySourceIpTranslationNatRule
- CreateNatGatewaySourceIpTranslationNatRule
- RefreshDirectConnectGatewayRouteToNatGateway
- DescribeNatGatewayDirectConnectGatewayRoute
- VPN Gateway APIs
- GenerateVpnConnectionDefaultHealthCheckIp
- ResetVpnGatewayInternetMaxBandwidth
- ResetVpnConnection
- RenewVpnGateway
- ModifyVpnGatewayAttribute
- ModifyVpnConnectionAttribute
- ModifyCustomerGatewayAttribute
- InquiryPriceResetVpnGatewayInternetMaxBandwidth
- InquiryPriceRenewVpnGateway
- InquiryPriceCreateVpnGateway
- DownloadCustomerGatewayConfiguration
- DescribeVpnGateways
- DescribeVpnConnections
- DescribeCustomerGateways
- DescribeCustomerGatewayVendors
- DeleteVpnGateway
- DeleteVpnConnection
- DeleteCustomerGateway
- CreateVpnGateway
- CreateVpnConnection
- CreateCustomerGateway
- ModifyVpnGatewayCcnRoutes
- DescribeVpnGatewayCcnRoutes
- ModifyVpnGatewayRoutes
- DescribeVpnGatewayRoutes
- DeleteVpnGatewayRoutes
- CreateVpnGatewayRoutes
- SetVpnGatewaysRenewFlag
- Direct Connect Gateway APIs
- ReplaceDirectConnectGatewayCcnRoutes
- DescribeDirectConnectGatewayCcnRoutes
- DeleteDirectConnectGatewayCcnRoutes
- CreateDirectConnectGatewayCcnRoutes
- CreateDirectConnectGateway
- ModifyDirectConnectGatewayAttribute
- DescribeDirectConnectGateways
- DeleteDirectConnectGateway
- DisassociateDirectConnectGatewayNatGateway
- AssociateDirectConnectGatewayNatGateway
- InquirePriceCreateDirectConnectGateway
- Cloud Connect Network APIs
- SetCcnRegionBandwidthLimits
- ModifyCcnAttribute
- EnableCcnRoutes
- DisableCcnRoutes
- DetachCcnInstances
- DescribeCcns
- DescribeCcnRoutes
- DescribeCcnRegionBandwidthLimits
- DescribeCcnAttachedInstances
- DeleteCcn
- CreateCcn
- AttachCcnInstances
- ResetAttachCcnInstances
- RejectAttachCcnInstances
- AcceptAttachCcnInstances
- ModifyCcnRegionBandwidthLimitsType
- GetCcnRegionBandwidthLimits
- DescribeCrossBorderCompliance
- AuditCrossBorderCompliance
- ModifyCcnAttachedInstancesAttribute
- Security Group APIs
- ReplaceSecurityGroupPolicies
- DeleteSecurityGroup
- DescribeSecurityGroupPolicies
- ModifySecurityGroupAttribute
- CreateSecurityGroup
- CreateSecurityGroupPolicies
- DescribeSecurityGroups
- DeleteSecurityGroupPolicies
- ModifySecurityGroupPolicies
- ReplaceSecurityGroupPolicy
- DescribeSecurityGroupAssociationStatistics
- DescribeSecurityGroupReferences
- CreateSecurityGroupWithPolicies
- CloneSecurityGroup
- Network ACL APIs
- Network Parameter Template-Related APIs
- CreateAddressTemplate
- CreateAddressTemplateGroup
- CreateServiceTemplate
- CreateServiceTemplateGroup
- DeleteAddressTemplate
- DeleteAddressTemplateGroup
- DeleteServiceTemplate
- DeleteServiceTemplateGroup
- DescribeAddressTemplateGroups
- DescribeAddressTemplates
- DescribeServiceTemplateGroups
- DescribeServiceTemplates
- ModifyAddressTemplateAttribute
- ModifyAddressTemplateGroupAttribute
- ModifyServiceTemplateAttribute
- ModifyServiceTemplateGroupAttribute
- Network Detection-Related APIs
- Flow Log APIs
- Gateway Traffic Monitor APIs
- Private Link APIs
- CreateVpcEndPointService
- DescribeVpcEndPointService
- ModifyVpcEndPointServiceAttribute
- DeleteVpcEndPointService
- CreateVpcEndPointServiceWhiteList
- DescribeVpcEndPointServiceWhiteList
- ModifyVpcEndPointServiceWhiteList
- EnableVpcEndPointConnect
- DeleteVpcEndPointServiceWhiteList
- DescribeVpcEndPoint
- CreateVpcEndPoint
- ModifyVpcEndPointAttribute
- DeleteVpcEndPoint
- DisassociateVpcEndPointSecurityGroups
- Snapshot Policy APIs
- Other APIs
- Data Types
- Error Codes
- FAQs
- Contact Us
- Glossary
Currently, Tencent Cloud Group Account Management supports sharing of subnet resources in a VPC. With this feature, a management account can create a shared unit, select the VPC subnet resources under the account, and share them with specified member accounts. After the resources are successfully shared, members can log in to the console to view and use the shared resources.
Prerequisites
The group account has added member accounts to the organization.
Directions
Step 1. Share subnets with specified members
1. Log in to the Group Account Management console and select Resource Sharing > Shared by Me on the left sidebar.
2. Select the Shared Unit tab, select the region of the subnet to be shared at the top of the page, and click Create Shared Unit.
3. On the Create Shared Unit page, configure the following information.
Basic Info
Name: Shared unit name, which can be customized.
Shared Resources
Resource Type: Subnet is selected by default.
Shared Resources: Select up to ten subnets to be shared as shown below:
Note:
The list displays the information of the subnets in the region selected by the current account.
Shared Account
Account ID: Click Add Shared Account, select the member account in the Add Shared Account pop-up window, and click Save.
4. Click Complete.
You can select the Shared Resources and Shared Account tabs to view the shared resources and the member accounts.
Step 2. View subnets with a member account
1. Log in to the Group Account Management console and select Resource Sharing > Shared with Me on the left sidebar.
2. On the Shared with Me page, select the region of the shared subnet at the top:
Select the Shared Unit tab to view the shared unit.
Select the Shared Resources tab to view the available shared subnet resources.
You can also log in to the VPC console, select Subnet on the left sidebar, and select the region at the top of the Subnet page to view the shared subnet resources.
Billing
Tencent Cloud Group Account Management is free of charge, and you only need to pay for the Tencent Cloud resources used under your account. For example, you need to pay standard fees for Tencent Cloud CVM instances and public network bandwidth.
Appendix
Resource Item | Quota |
Number of members that resources can be shared with | 20 |
Number of resources that can be shared each time | 10 |
Number of times that a resource can be shared | 10 |
Note:
Other VPC quotas are the same as the current settings. The quotas are shared by the resource owners and users.
If there are resources created by other member accounts (resource users) under the VPC/subnet, the subnet cannot be deleted.
After a group management account (resource owner) shares VPC subnet resources with member accounts (resource users), their permissions to manipulate the shared subnet and the Tencent Cloud resources in it are as listed below.
Role | When Subnet Resources Are Shared | When Subnet Resources Are Not Shared | After Sharing Is Exited |
Resource owner | They can use and manage all resources under the VPC, such as Direct Connect gateways, VPN Gateway, NAT Gateway, CCN, ACLs, and route tables. They cannot modify or delete resources created by resource users, such as CVM, TencentDB, and CLB. | They can use and manage all resources under the VPC. | Resources are no longer shared and all associated subnets are disassociated. |
Resource user | They can use existing VPC resources but cannot create or modify them (for example, CVM instances can use the VPC's existing NAT gateways to access the public network, but cannot create one). They can create resources under the shared subnet, such as CVM, TencentDB, and CLB. They cannot view or use resources created by other resource users. | They can still use the resources they've created but cannot create resources in the subnet. They cannot use the existing resources under the VPC. | All subnet resources are no longer shared. |
The permissions of the resource owners and users to manipulate other network resources in the VPC are as listed below.
Network Resource | Resource User | Resource Owner |
VPC | They can only view the VPC of the shared subnet. | They have all the operation permissions but cannot delete a VPC with shared resources. |
Subnet | They can only view the shared subnet. | They have all the operation permissions but cannot delete a subnet that is shared with other users. |
Route table | They can only view the route table bound to the shared subnet and the routing policy of that table. | They have all the operation permissions. |
Network ACL | They can view the ACL bound to the shared subnet. | They have all the operation permissions. |
CCN | They have no operation permissions. | They have all the operation permissions. All VPC resources (including those created by the resource owners/users) can communicate with other VPCs/IDCs over CCN. |
VPN Gateway | They have no operation permissions. | They have all the operation permissions. All VPC resources (including those created by the resource owners/users) can communicate with other IDCs through a VPN gateway. |
NAT gateway | They have no operation permissions. | They have all the operation permissions. All VPC resources (including those created by the resource owners/users) can access the internet through a NAT gateway. |
Direct Connect gateway | They have no operation permissions. | They have all the operation permissions. All VPC resources (including those created by the resource owners/users) can communicate with other IDCs through the Direct Connect gateway. |
Yes
No
Was this page helpful?