本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
共用自我管理授權
您可以使用 AWS Resource Access Manager 與任何 AWS 帳戶或透過 AWS Organizations共用您的自我管理授權。如需詳細資訊,請參閱AWS RAM 使用指南中的「共用 AWS 資源」。
支援的帳號配額
如果您在 2023 年 10 月 14 日 AWS License Manager 之前啟用授權共用,則組織內 License Manager 支援的最大帳號數量配額將小於新的預設上限。您可以使用下一節所提供的 AWS RAM API 作業來增加此配額。如需有關 License Manager 中預設配額的詳細資訊,請參閱AWS 一般參考 指南中的使用授權的配額。
必要條件
若要完成下列程序,您必須以具有下列權限的組織管理帳戶中的主參與者身分登入:
-
ram:EnableSharingWithAwsOrganization -
iam:CreateServiceLinkedRole -
organizations:enableAWSServiceAccess -
organizations:DescribeOrganization
增加支援的帳戶配額
下列程序會將目前的配額增加Number of accounts per
organization for License Manager到目前的預設上限。
增加 License Manager 支援的帳戶配額
-
使用指describe-organization AWS CLI 令來判斷您組織的 ARN,方法是使用下列作業:
aws organizations describe-organization{ "Organization": { "Id": "o-abcde12345", "Arn": "arn:aws:organizations::111122223333:organization/o-abcde12345", "FeatureSet": "ALL", "MasterAccountArn": "arn:aws:organizations::111122223333:account/o-abcde12345/111122223333", "MasterAccountId": "111122223333", "MasterAccountEmail": "name+orgsidentifier@example.com", "AvailablePolicyTypes": [ { "Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED" } ] } } -
使用指get-resource-shares AWS CLI 令來判斷您組織的 ARN,方法是使用下列作業:
aws ram get-resource-shares --resource-owner SELF --tag-filters tagKey=Service,tagValues=LicenseManager --regionus-east-1{ "resourceShares": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "licenseManagerResourceShare-111122223333", "owningAccountId": "111122223333", "allowExternalPrincipals": true, "status": "ACTIVE", "tags": [ { "key": "Service", "value": "LicenseManager" } ], "creationTime": "2023-10-04T12:52:10.021000-07:00", "lastUpdatedTime": "2023-10-04T12:52:10.021000-07:00", "featureSet": "STANDARD" } ] } -
使用enable-sharing-with-aws-organization AWS CLI 指令啟用資源共用 AWS RAM:
aws ram enable-sharing-with-aws-organization{ "returnValue": true }您可以使用此指list-aws-service-access-for-organization AWS CLI 令來驗證 Organizations 清單的服務主體是否已啟用 License Manager,以及 AWS RAM:
aws organizations list-aws-service-access-for-organization{ "EnabledServicePrincipals": [ { "ServicePrincipal": "license-manager.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.814000-07:00" }, { "ServicePrincipal": "license-manager.member-account.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.565000-07:00" }, { "ServicePrincipal": "ram.amazonaws.com", "DateEnabled": "2023-10-04T13:06:34.771000-07:00" } ] }重要
您的組織最多可能需 AWS RAM 要六個小時才能完成此作業。必須先完成此程序,才能繼續進行。
-
使用指associate-resource-share AWS CLI 令將 License Manager 資源共用與組織建立關聯:
aws ram associate-resource-share --resource-share-arn arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111--principals arn:aws:organizations::111122223333:organization/o-abcde12345--regionus-east-1{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATING", "external": false } ] }您可以使用get-resource-share-associations AWS CLI 命令來驗證資源共用關聯的
status是ASSOCIATED:aws ram get-resource-share-associations --association-type "PRINCIPAL" --principal arn:aws:organizations::111122223333:organization/o-abcde12345--resource-share-arns arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111--regionus-east-1{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "licenseManagerResourceShare-111122223333", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATED", "creationTime": "2023-10-04T13:12:33.422000-07:00", "lastUpdatedTime": "2023-10-04T13:12:34.663000-07:00", "external": false } ] }
