Process overview - Amazon Virtual Private Cloud

Process overview

This section explains how to integrate your IPAM with Amazon accounts outside of your organization. It refers to topics that are covered in other sections of this guide. Keep this page visible, and open the topics linked below in a new window so that you can return to this page for guidance.

When you integrate IPAM with Amazon accounts outside of your organization, there are 4 Amazon accounts involved in the process:

  • Primary Org Owner - The Amazon Organizations management account for organization 1.

  • Primary Org IPAM Account - The IPAM delegated administrator account for organization 1.

  • Secondary Org Owner - The Amazon Organizations management account for organization 2.

  • Secondary Org Admin Account - The IPAM delegated administrator account for organization 2.

Steps
  1. Primary Org Owner delegates a member of their organization as the Primary Org IPAM Account (see Integrate IPAM with accounts in an Amazon Organization).

  2. Primary Org IPAM Account creates an IPAM (see Create an IPAM).

  3. Secondary Org Owner delegates a member of their organization as the Secondary Org Admin Account (see Integrate IPAM with accounts in an Amazon Organization).

  4. Secondary Org Admin Account creates a resource discovery and shares it with the Primary Org IPAM Account using Amazon RAM (see Create a resource discovery and Share a resource discovery). The resource discovery must be created in the same home Region as the Primary Org IPAM.

  5. Primary Org IPAM Account accepts the resource share invitation using Amazon RAM (see Accepting and rejecting resource share invitations in the Amazon RAM User Guide).

  6. Primary Org IPAM Account associates the resource discovery with their IPAM (see Associate a resource discovery with an IPAM).

  7. Primary Org IPAM Account can now monitor and/or manage IPAM resources created by the accounts in Secondary Org.

  8. (Optional) Primary Org IPAM Account shares IPAM pools with member accounts in Secondary Org (see Share an IPAM pool using Amazon RAM).

  9. (Optional) If Primary Org IPAM Account wants to stop discovering resources in Secondary Org, it can disassociate the resource discovery from the IPAM (see Disassociate a resource discovery).

  10. (Optional) If the Secondary Org Admin Account wants to stop participating in the Primary Org’s IPAM, it can unshare the shared resource discovery (see Update a resource share in Amazon RAM in the Amazon RAM User Guide) or delete the resource discovery (see Delete a resource discovery).
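
The following pre-flight check is an added example, not part of this guide: it shows what the Primary Org IPAM Account can verify before accepting the invitation (step 5) and associating the resource discovery (step 6). It assumes the JSON from `aws ec2 describe-ipams`, `aws ec2 describe-ipam-resource-discoveries` and `aws ram get-resource-share-invitations` has been loaded into dicts; the function name `preflight`, the problem labels, and all account and resource IDs are constructed for illustration.

```python
# Constructed sample data (not real accounts or resources). Keys follow the
# JSON printed by the AWS CLI commands named in the comments.
IPAM = {  # from: aws ec2 describe-ipams (Primary Org IPAM Account)
    "IpamId": "ipam-0example1111",
    "IpamRegion": "cn-north-1",
    "OwnerId": "111111111111",
}
DISCOVERY = {  # from: aws ec2 describe-ipam-resource-discoveries
    "IpamResourceDiscoveryId": "ipam-res-disco-0example2222",
    "IpamResourceDiscoveryRegion": "cn-north-1",
    "OwnerId": "222222222222",
}
INVITATION = {  # from: aws ram get-resource-share-invitations
    "senderAccountId": "222222222222",
    "receiverAccountId": "111111111111",
    "status": "PENDING",
}
# Assumption: the Secondary Org Admin Account ID was agreed out of band.
SECONDARY_ORG_ADMIN = "222222222222"


def preflight(ipam, discovery, invitation, expected_sender):
    """Return a list of problems; empty means steps 5 and 6 can proceed."""
    problems = []
    # Step 4 constraint: the discovery must be in the IPAM's home Region.
    if discovery["IpamResourceDiscoveryRegion"] != ipam["IpamRegion"]:
        problems.append("region-mismatch")
    # Before step 6: the discovery should belong to the Secondary Org Admin Account.
    if discovery["OwnerId"] != expected_sender:
        problems.append("unexpected-discovery-owner")
    # Step 5: only accept an invitation sent by that same account ...
    if invitation["senderAccountId"] != expected_sender:
        problems.append("unexpected-sender")
    # ... addressed to the account that owns the IPAM ...
    if invitation["receiverAccountId"] != ipam["OwnerId"]:
        problems.append("wrong-receiver")
    # ... and still awaiting a decision.
    if invitation["status"] != "PENDING":
        problems.append("invitation-not-pending")
    return problems


if __name__ == "__main__":
    print(preflight(IPAM, DISCOVERY, INVITATION, SECONDARY_ORG_ADMIN) or "ok")
```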