CreateCrossAccountAttachment
Create a cross-account attachment in AWS Global Accelerator. You create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account. You specify, in the same attachment, the resources that are shared.
A principal can be an AWS account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.
Specify each principal and resource separately. To specify two CIDR address pools, list them individually under Resources, and so on. For a command line operation, for example, you might use a statement like the following:
"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]
For more information, see Working with cross-account attachments and resources in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.
Request Syntax
{
   "IdempotencyToken": "string",
   "Name": "string",
   "Principals": [ "string" ],
   "Resources": [
      {
         "Cidr": "string",
         "EndpointId": "string",
         "Region": "string"
      }
   ],
   "Tags": [
      {
         "Key": "string",
         "Value": "string"
      }
   ]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- IdempotencyToken
A unique, case-sensitive identifier that you provide to ensure the idempotency—that is, the uniqueness—of the request.
Type: String
Length Constraints: Maximum length of 255.
Required: Yes
- Name
The name of the cross-account attachment.
Type: String
Length Constraints: Maximum length of 64.
Pattern: [\S\s]+
Required: Yes
- Principals
The principals to include in the cross-account attachment. A principal can be an AWS account number or the Amazon Resource Name (ARN) for an accelerator.
Type: Array of strings
Length Constraints: Maximum length of 256.
Pattern: (^\d{12}$|arn:.*)
Required: No
- Resources
The Amazon Resource Names (ARNs) for the resources to include in the cross-account attachment. A resource can be any supported AWS resource type for Global Accelerator or a CIDR range for a bring your own IP address (BYOIP) address pool.
Type: Array of Resource objects
Required: No
- Tags
Add tags for a cross-account attachment.
For more information, see Tagging in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.
Type: Array of Tag objects
Required: No
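Added example (not part of the AWS reference or any SDK): a pre-flight check that builds the request body from the constraints listed above and reports which scope each principal grants, so an account-wide grant is visible before the call is made. All function names are hypothetical; rejecting CIDRs with host bits set and requiring the ARN form to begin with arn: are assumptions that are stricter than the documented pattern.

```python
import ipaddress
import re
import uuid

ACCOUNT_RE = re.compile(r"[0-9]{12}")
RESOURCE_KEYS = {"Cidr", "EndpointId", "Region"}

def classify_principal(principal):
    """Return 'account' or 'accelerator-arn'; raise ValueError otherwise."""
    if len(principal) > 256:
        raise ValueError("principal longer than 256 characters")
    if ACCOUNT_RE.fullmatch(principal):
        return "account"          # any accelerator in that account can use the resources
    if principal.startswith("arn:"):
        return "accelerator-arn"  # anyone who can update that accelerator can use them
    raise ValueError(f"{principal!r} is neither a 12-digit account number nor an ARN")

def check_resource(resource):
    """Validate one Resources entry; each CIDR pool is listed as its own entry."""
    if not resource or set(resource) - RESOURCE_KEYS:
        raise ValueError(f"unexpected resource shape: {resource!r}")
    if "Cidr" in resource:
        # Assumption: strict=True rejects host bits, e.g. 169.254.60.5/24
        ipaddress.ip_network(resource["Cidr"], strict=True)
    return resource

def build_request(name, principals, resources, token=None):
    """Return (request_body, review) where review maps principal -> scope."""
    if not 1 <= len(name) <= 64:
        raise ValueError("Name must be 1 to 64 characters")
    token = token or str(uuid.uuid4())
    if len(token) > 255:
        raise ValueError("IdempotencyToken longer than 255 characters")
    review = {p: classify_principal(p) for p in principals}
    request = {
        "IdempotencyToken": token,
        "Name": name,
        "Principals": list(principals),
        "Resources": [check_resource(r) for r in resources],
    }
    return request, review

if __name__ == "__main__":
    # Constructed sample values, not real account numbers or pools
    _, scopes = build_request("byoip-share", ["123456789012"], [{"Cidr": "169.254.60.0/24"}])
    print(scopes)
```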
Response Syntax
{
   "CrossAccountAttachment": {
      "AttachmentArn": "string",
      "CreatedTime": number,
      "LastModifiedTime": number,
      "Name": "string",
      "Principals": [ "string" ],
      "Resources": [
         {
            "Cidr": "string",
            "EndpointId": "string",
            "Region": "string"
         }
      ]
   }
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- CrossAccountAttachment
Information about the cross-account attachment.
Type: Attachment object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
You don't have access permission.
HTTP Status Code: 400
- InternalServiceErrorException
There was an internal error for AWS Global Accelerator.
HTTP Status Code: 400
- InvalidArgumentException
An argument that you specified is invalid.
HTTP Status Code: 400
- LimitExceededException
Processing your request would cause you to exceed an AWS Global Accelerator limit.
HTTP Status Code: 400
- TransactionInProgressException
There's already a transaction in progress. Another transaction can't be processed.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: