在 License Manager 中共用自我管理授權 - AWS License Manager

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

在 License Manager 中共用自我管理授權

您可以使用... AWS Resource Access Manager 與任何人共用您的自我管理授權 AWS 帳戶或透過 AWS Organizations。 如需詳細資訊,請參閱分享您的 AWS中的資源 AWS RAM 使用者指南

支援的帳號配額

如果您在中啟用授權共用 AWS License Manager 在 2023 年 10 月 14 日之前,您組織中 License Manager 支援的最大帳戶數量配額將小於新的預設上限。您可以使用下列API作業來增加此配額 AWS RAM 在下一節中提供。如需有關「License Manager」中預設配額的詳細資訊,請參閱使用授權的配AWS 一般參考 指南

必要條件

若要完成下列程序,您必須以具有下列權限的組織管理帳戶中的主參與者身分登入:

  • ram:EnableSharingWithAwsOrganization

  • iam:CreateServiceLinkedRole

  • organizations:enableAWSServiceAccess

  • organizations:DescribeOrganization

增加支援的帳戶配額

下列程序會將目前的配額增加Number of accounts per organization for License Manager到目前的預設上限。

增加 License Manager 支援的帳戶配額
  1. 使用 describe-organization AWS CLI 使用下列作業來判斷您組織的ARN指令:

    aws organizations describe-organization { "Organization": { "Id": "o-abcde12345", "Arn": "arn:aws:organizations::111122223333:organization/o-abcde12345", "FeatureSet": "ALL", "MasterAccountArn": "arn:aws:organizations::111122223333:account/o-abcde12345/111122223333", "MasterAccountId": "111122223333", "MasterAccountEmail": "name+orgsidentifier@example.com", "AvailablePolicyTypes": [ { "Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED" } ] } }
  2. 使用 get-resource-shares AWS CLI 使用下列作業來判斷您組織的ARN指令:

    aws ram get-resource-shares --resource-owner SELF --tag-filters tagKey=Service,tagValues=LicenseManager --region us-east-1 { "resourceShares": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "licenseManagerResourceShare-111122223333", "owningAccountId": "111122223333", "allowExternalPrincipals": true, "status": "ACTIVE", "tags": [ { "key": "Service", "value": "LicenseManager" } ], "creationTime": "2023-10-04T12:52:10.021000-07:00", "lastUpdatedTime": "2023-10-04T12:52:10.021000-07:00", "featureSet": "STANDARD" } ] }
  3. 使用 enable-sharing-with-aws-organization AWS CLI 啟用資源共用的指令 AWS RAM:

    aws ram enable-sharing-with-aws-organization { "returnValue": true }

    您可以使用 list-aws-service-access-for-organization AWS CLI 指令以驗證 Organizations 清單服務主體是否已啟用 License Manager,以及 AWS RAM:

    aws organizations list-aws-service-access-for-organization { "EnabledServicePrincipals": [ { "ServicePrincipal": "license-manager.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.814000-07:00" }, { "ServicePrincipal": "license-manager.member-account.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.565000-07:00" }, { "ServicePrincipal": "ram.amazonaws.com", "DateEnabled": "2023-10-04T13:06:34.771000-07:00" } ] }
    重要

    最多可能需要六個小時 AWS RAM 以完成組織的此作業。必須先完成此程序,才能繼續進行。

  4. 使用 associate-resource-share AWS CLI 將 License Manager 資源共用與組織建立關聯的指令:

    aws ram associate-resource-share --resource-share-arn arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 --principals arn:aws:organizations::111122223333:organization/o-abcde12345 --region us-east-1 { "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATING", "external": false } ] }

    您可以使用 get-resource-share-associations AWS CLI 命令來驗證資源共享關聯的statusASSOCIATED

    aws ram get-resource-share-associations --association-type "PRINCIPAL" --principal arn:aws:organizations::111122223333:organization/o-abcde12345--resource-share-arns arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 --region us-east-1 { "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "licenseManagerResourceShare-111122223333", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATED", "creationTime": "2023-10-04T13:12:33.422000-07:00", "lastUpdatedTime": "2023-10-04T13:12:34.663000-07:00", "external": false } ] }