本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
在 License Manager 中共用自我管理授權
您可以使用... AWS Resource Access Manager 與任何人共用您的自我管理授權 AWS 帳戶或透過 AWS Organizations。 如需詳細資訊,請參閱分享您的 AWS中的資源 AWS RAM 使用者指南。
支援的帳號配額
如果您在中啟用授權共用 AWS License Manager 在 2023 年 10 月 14 日之前,您組織中 License Manager 支援的最大帳戶數量配額將小於新的預設上限。您可以使用下列API作業來增加此配額 AWS RAM 在下一節中提供。如需有關「License Manager」中預設配額的詳細資訊,請參閱使用授權的配額 AWS 一般參考 指南。
必要條件
若要完成下列程序,您必須以具有下列權限的組織管理帳戶中的主參與者身分登入:
-
ram:EnableSharingWithAwsOrganization
-
iam:CreateServiceLinkedRole
-
organizations:enableAWSServiceAccess
-
organizations:DescribeOrganization
增加支援的帳戶配額
下列程序會將目前的配額增加Number of accounts per
organization for License Manager
到目前的預設上限。
增加 License Manager 支援的帳戶配額
-
使用 describe-organization AWS CLI 使用下列作業來判斷您組織的ARN指令:
aws organizations describe-organization
{ "Organization": { "Id": "o-abcde12345", "Arn": "arn:aws:organizations::111122223333:organization/o-abcde12345", "FeatureSet": "ALL", "MasterAccountArn": "arn:aws:organizations::111122223333:account/o-abcde12345/111122223333", "MasterAccountId": "111122223333", "MasterAccountEmail": "name+orgsidentifier@example.com", "AvailablePolicyTypes": [ { "Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED" } ] } }
-
使用 get-resource-shares AWS CLI 使用下列作業來判斷您組織的ARN指令:
aws ram get-resource-shares --resource-owner SELF --tag-filters tagKey=Service,tagValues=LicenseManager --region
us-east-1
{ "resourceShares": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "licenseManagerResourceShare-111122223333", "owningAccountId": "111122223333", "allowExternalPrincipals": true, "status": "ACTIVE", "tags": [ { "key": "Service", "value": "LicenseManager" } ], "creationTime": "2023-10-04T12:52:10.021000-07:00", "lastUpdatedTime": "2023-10-04T12:52:10.021000-07:00", "featureSet": "STANDARD" } ] }
-
使用 enable-sharing-with-aws-organization AWS CLI 啟用資源共用的指令 AWS RAM:
aws ram enable-sharing-with-aws-organization
{ "returnValue": true }
您可以使用 list-aws-service-access-for-organization AWS CLI 指令以驗證 Organizations 清單服務主體是否已啟用 License Manager,以及 AWS RAM:
aws organizations list-aws-service-access-for-organization
{ "EnabledServicePrincipals": [ { "ServicePrincipal": "license-manager.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.814000-07:00" }, { "ServicePrincipal": "license-manager.member-account.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.565000-07:00" }, { "ServicePrincipal": "ram.amazonaws.com", "DateEnabled": "2023-10-04T13:06:34.771000-07:00" } ] }
重要
最多可能需要六個小時 AWS RAM 以完成組織的此作業。必須先完成此程序,才能繼續進行。
-
使用 associate-resource-share AWS CLI 將 License Manager 資源共用與組織建立關聯的指令:
aws ram associate-resource-share --resource-share-arn arn:aws:ram:
us-east-1
:111122223333
:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
--principals arn:aws:organizations::111122223333
:organization/o-abcde12345
--regionus-east-1
{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATING", "external": false } ] }
您可以使用 get-resource-share-associations AWS CLI 命令來驗證資源共享關聯的
status
是ASSOCIATED
:aws ram get-resource-share-associations --association-type "PRINCIPAL" --principal arn:aws:organizations::
111122223333
:organization/o-abcde12345
--resource-share-arns arn:aws:ram:us-east-1
:111122223333
:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
--regionus-east-1
{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "licenseManagerResourceShare-111122223333", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATED", "creationTime": "2023-10-04T13:12:33.422000-07:00", "lastUpdatedTime": "2023-10-04T13:12:34.663000-07:00", "external": false } ] }