Cross-account traffic mirror targets - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Cross-account traffic mirror targets

A traffic mirror target can be owned by an Amazon account that is different from the traffic mirror source.

Before you can use a cross-account traffic mirror target, the traffic mirror target owner must share the target with you by using the Amazon Resource Access Manager. If you are in a different Amazon Organizations organization from the owner, you must also accept the share request after the owner shares the target. After you accept the share request, you can use the traffic mirror target in a traffic mirror session.

The traffic mirror target is visible to the accounts it is shared with in their DescribeTrafficMirrorTargets API calls. Only the traffic mirror target owner can modify or delete the traffic mirror target.

Traffic mirror sessions that are created in a different account from the traffic mirror target are visible in DescribeTrafficMirrorSessions API calls that are made by the traffic mirror target owner.
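Because the target owner can see every session that mirrors into its target, including sessions created by the accounts it shared the target with, the owner is the natural place to audit who is actually sending mirrored traffic. The following is an added example, not code from the page or from Amazon: it works on records shaped like the `TrafficMirrorTargets` and `TrafficMirrorSessions` lists returned by the DescribeTrafficMirrorTargets and DescribeTrafficMirrorSessions API calls (real field names `OwnerId`, `TrafficMirrorTargetId`, `TrafficMirrorSessionId`), using constructed sample records and constructed account IDs rather than real resources.

```python
# Constructed sample: the target owner (111111111111) sees its own
# targets and every session that points at them, including sessions
# created by an account the target was shared with (222222222222).
SAMPLE_TARGETS = [
    {"TrafficMirrorTargetId": "tmt-0aaa", "OwnerId": "111111111111"},
    {"TrafficMirrorTargetId": "tmt-0bbb", "OwnerId": "111111111111"},
]
SAMPLE_SESSIONS = [
    {"TrafficMirrorSessionId": "tms-0001", "TrafficMirrorTargetId": "tmt-0aaa",
     "OwnerId": "111111111111", "SessionNumber": 1},
    {"TrafficMirrorSessionId": "tms-0002", "TrafficMirrorTargetId": "tmt-0aaa",
     "OwnerId": "222222222222", "SessionNumber": 1},
    {"TrafficMirrorSessionId": "tms-0003", "TrafficMirrorTargetId": "tmt-0bbb",
     "OwnerId": "333333333333", "SessionNumber": 2},
]


def _owner_by_target(targets):
    """Map each target ID we own to its OwnerId."""
    return {t["TrafficMirrorTargetId"]: t["OwnerId"] for t in targets}


def cross_account_sessions(targets, sessions):
    """Return {target_id: [session_id, ...]} for sessions whose OwnerId
    differs from the owner of the target they mirror into. These are the
    sessions the target owner can see but did not create itself."""
    owners = _owner_by_target(targets)
    result = {}
    for s in sessions:
        target_owner = owners.get(s["TrafficMirrorTargetId"])
        if target_owner is None:
            continue  # points at a target this account does not own
        if s["OwnerId"] != target_owner:
            result.setdefault(s["TrafficMirrorTargetId"], []).append(
                s["TrafficMirrorSessionId"])
    return result


def unexpected_sessions(targets, sessions, allowed_accounts):
    """Session IDs created by accounts outside the allow-list, i.e. by
    accounts that should not (or no longer) hold the resource share."""
    owners = _owner_by_target(targets)
    return sorted(
        s["TrafficMirrorSessionId"] for s in sessions
        if s["TrafficMirrorTargetId"] in owners
        and s["OwnerId"] != owners[s["TrafficMirrorTargetId"]]
        and s["OwnerId"] not in allowed_accounts)


if __name__ == "__main__":
    print(cross_account_sessions(SAMPLE_TARGETS, SAMPLE_SESSIONS))
    print(unexpected_sessions(SAMPLE_TARGETS, SAMPLE_SESSIONS, {"222222222222"}))
```

In practice the allow-list is the set of principals on the resource share; any session reported by `unexpected_sessions` is a reason to review or delete that share.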

Share a traffic mirror target

You can use Amazon Resource Access Manager (RAM) to share a traffic mirror target across accounts. Use the following procedure to share a traffic mirror target that you own.

You must create a traffic mirror target before you share it. For more information, see Create a traffic mirror target.

To share a traffic mirror target
  1. Open the Amazon Resource Access Manager console at https://console.amazonaws.cn/ram/.

  2. Choose Create a resource share.

  3. Under Description, for Name, enter a descriptive name for the resource share.

  4. For Select resource type, choose Traffic Mirror Targets. Select the traffic mirror target.

  5. For Principals, add principals to the resource share. For each Amazon account, OU, or organization, specify its ID and choose Add.

    For Allow external accounts, choose whether to allow sharing for this resource with Amazon accounts that are external to your organization.

  6. (Optional) Under Tags, enter a tag key and tag value pair for each tag. These tags are applied to the resource share but not to the traffic mirror target.

  7. Choose Create resource share.

Accept a resource share

If you are in different Amazon Organizations from the share owner, you must accept the resource share before you can access the shared resources.

To accept a resource share
  1. Open the Amazon Resource Access Manager console at https://console.amazonaws.cn/ram/.

  2. On the navigation pane, choose Shared with me, Resource shares.

  3. Select the resource share.

  4. Choose Accept resource share.

  5. To view the shared traffic mirror target, open the Traffic Mirror Targets page in the Amazon VPC console.

Delete a resource share

You can delete a resource share at any time. When you delete a resource share, all principals that are associated with the resource share lose access to the shared resources. Deleting a resource share does not delete the shared resources.

When you delete a shared traffic mirror target that is in use, the traffic mirror session becomes inactive.

To delete a resource share
  1. Open the Amazon Resource Access Manager console at https://console.amazonaws.cn/ram/.

  2. On the navigation pane, choose Shared by me, Resource shares.

  3. Select the resource share.

    Be sure to select the correct resource share. You cannot recover a resource share after you delete it.

  4. Choose Delete.

  5. When prompted for confirmation, enter delete, and then choose Delete.