本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
共享自管理许可证
您可以使用 Amazon Resource Access Manager 与任何 Amazon 账户或通过 Amazon Organizations任何账户共享您的自我管理许可证。有关更多信息,请参阅《Amazon RAM 用户指南》中的共享 Amazon 资源。
支持的账户配额
如果您在 2023 年 10 月 14 日 Amazon License Manager 之前启用了许可证共享,则您的组织中 License Manager 支持的最大账户数量的配额将小于新的默认最大值。您可以通过使用下一节中提供 Amazon RAM 的 API 操作来增加此配额。有关 License Manager 中默认配额的更多信息,请参阅 Amazon Web Services 一般参考 指南中的使用许可证的配额。
先决条件
要完成以下步骤,您必须以组织管理账户中的主题身份登录并且必须拥有以下权限:
-
ram:EnableSharingWithAwsOrganization -
iam:CreateServiceLinkedRole -
organizations:enableAWSServiceAccess -
organizations:DescribeOrganization
增加受支持的账户配额
以下步骤会将 Number of accounts per
organization for License Manager的当前配额增加到当前默认最大数量。
增加 License Manager 的受支持账户配额
-
使用describe-organization Amazon CLI 命令通过以下操作来确定组织的 ARN:
aws organizations describe-organization{ "Organization": { "Id": "o-abcde12345", "Arn": "arn:aws:organizations::111122223333:organization/o-abcde12345", "FeatureSet": "ALL", "MasterAccountArn": "arn:aws:organizations::111122223333:account/o-abcde12345/111122223333", "MasterAccountId": "111122223333", "MasterAccountEmail": "name+orgsidentifier@example.com", "AvailablePolicyTypes": [ { "Type": "SERVICE_CONTROL_POLICY", "Status": "ENABLED" } ] } } -
使用get-resource-shares Amazon CLI 命令通过以下操作来确定组织的 ARN:
aws ram get-resource-shares --resource-owner SELF --tag-filters tagKey=Service,tagValues=LicenseManager --regionus-east-1{ "resourceShares": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "licenseManagerResourceShare-111122223333", "owningAccountId": "111122223333", "allowExternalPrincipals": true, "status": "ACTIVE", "tags": [ { "key": "Service", "value": "LicenseManager" } ], "creationTime": "2023-10-04T12:52:10.021000-07:00", "lastUpdatedTime": "2023-10-04T12:52:10.021000-07:00", "featureSet": "STANDARD" } ] } -
使用enable-sharing-with-aws-organization Amazon CLI 命令通过以下方式启用资源共享 Amazon RAM:
aws ram enable-sharing-with-aws-organization{ "returnValue": true }您可以使用list-aws-service-access-for-organization Amazon CLI 命令来验证 Organizations 列表是否已为 License Manager 启用服务主体,以及 Amazon RAM:
aws organizations list-aws-service-access-for-organization{ "EnabledServicePrincipals": [ { "ServicePrincipal": "license-manager.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.814000-07:00" }, { "ServicePrincipal": "license-manager.member-account.amazonaws.com", "DateEnabled": "2023-10-04T12:50:59.565000-07:00" }, { "ServicePrincipal": "ram.amazonaws.com", "DateEnabled": "2023-10-04T13:06:34.771000-07:00" } ] }重要
您的组织可能需要长达六个小时 Amazon RAM 才能完成此操作。必须先完成此过程,然后才能继续。
-
使用associate-resource-share Amazon CLI 命令将您的 License Manager 资源共享与您的组织相关联:
aws ram associate-resource-share --resource-share-arn arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111--principals arn:aws:organizations::111122223333:organization/o-abcde12345--regionus-east-1{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATING", "external": false } ] }您可以使用get-resource-share-associations Amazon CLI 命令来验证资源共享关联是否
status为ASSOCIATED:aws ram get-resource-share-associations --association-type "PRINCIPAL" --principal arn:aws:organizations::111122223333:organization/o-abcde12345--resource-share-arns arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111--regionus-east-1{ "resourceShareAssociations": [ { "resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "resourceShareName": "licenseManagerResourceShare-111122223333", "associatedEntity": "arn:aws:organizations::111122223333:organization/o-abcde12345", "associationType": "PRINCIPAL", "status": "ASSOCIATED", "creationTime": "2023-10-04T13:12:33.422000-07:00", "lastUpdatedTime": "2023-10-04T13:12:34.663000-07:00", "external": false } ] }