October 21, 2022 By Henrik Loeser 3 min read

IBM Cloud supports resource sharing between accounts. In this blog post, we discuss use cases and get you started with our new tutorial.

Countless services are offered on the Internet. If you’re like me, you probably own accounts at many service providers for email, messaging, storage, music, news, source code management and more. To use these services, you typically authenticate with a combination of user identity (ID) and password, or by providing some form of API key or access token, perhaps with an added second authentication factor.

Similar options exist for services in a cloud-native, microservices-based application. In IBM Cloud, Identity and Access Management (IAM) provides additional options for app-to-service and service-to-service access. So-called service bindings allow the automatic creation and exchange of credentials. Service-to-service authorizations even grant a source service permissions on a target service. Such access is not limited to services in the same account: authorizations can be given to source services in other IBM Cloud accounts, and an enterprise is not required (see screenshot below).

In this blog post, I’ll discuss typical use cases for sharing resources (services) across accounts. Moreover, I’ll show you how to learn more and implement those scenarios on your own with the help of our new tutorial: Resource sharing across accounts.

Grant a service in another account authorization to access the target service.

Resource-sharing use cases

It is not unusual to find multiple applications accessing and using the same resource (or parts of it). One example is when applications and compute environments have to live on the same corporate network. Another is the collection of security logs in central storage.

A microservices architecture requires us to configure services to access and use external resources. In turn, the shared resources must authorize that access, and the network between them must be configured to support such collaboration, but nothing more. Some typical use cases of resource sharing include the following:

  • Central management of security-related infrastructure: Monitor security from a dedicated account and aggregate security logs in a single place. Manage all encryption keys in central key management systems (KMS). (See the diagram below.)
  • Coordination of network addresses and subnets: Applications and compute environments need to fit into the same network and require the sharing of address ranges and domain names.
  • Central management of resources for disaster recovery, including backup services like IBM Cloud Backup: Applications and their services may be designed for high availability, but additional centrally organized resources might be available to fall back to in the worst case. This includes holding multiple resource copies available worldwide (e.g., stored in replicated IBM Cloud Object Storage buckets).
  • Control costs by sharing more expensive services where possible: Not every development project needs to have all services deployed as dedicated instances. Often, it is enough to share service instances—within accounts or across. Even for production environments, service instances might be shared depending on their cost/value factor and technical feasibility. This can be organized by restricting available services in an account, utilizing private catalogs and restricting the public catalog, then centrally providing instances of restricted services.
  • Central management of resources on a corporate level or for a business unit: This could be assets needed for branding or centrally managed templates, base images (e.g., virtual machines, containers) and more. Again, private catalogs and the Container Registry are typical services.
  • Make scarce resources available to more users: Sometimes, a resource type is only available in limited quantity. By sharing, more applications can benefit from it. This may require rate limiting.

Sharing security resources across accounts.
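
The central key management use case above, written as a cross-account service-to-service authorization. This is an added example, not code from the tutorial or its GitHub repository; it assumes the IBM Cloud Terraform provider's `ibm_iam_authorization_policy` resource, with Object Storage as the source service and Key Protect as the target, and all variable names are hypothetical.

```hcl
# Added example: apply with credentials for the account that owns the target
# service (the central security account). All variable names are hypothetical.
terraform {
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
    }
  }
}

variable "app_account_id" {
  description = "ID of the other account that owns the source service"
  type        = string
}

variable "app_cos_instance_guid" {
  description = "GUID of the Object Storage instance in the other account"
  type        = string
}

variable "kms_instance_guid" {
  description = "GUID of the Key Protect instance in this (security) account"
  type        = string
}

# Scoped grant: one source instance in one named account may read keys in one
# target instance. Omitting the two *_resource_instance_id arguments would
# widen the grant to every instance of the service on that side.
resource "ibm_iam_authorization_policy" "cos_to_kms" {
  source_service_account      = var.app_account_id
  source_service_name         = "cloud-object-storage"
  source_resource_instance_id = var.app_cos_instance_guid

  target_service_name         = "kms"
  target_resource_instance_id = var.kms_instance_guid

  roles       = ["Reader"]
  description = "COS instance in app account reads keys in central Key Protect"
}
```

Pinning both instance IDs keeps the authorization to the single pairing the use case needs, which is the "but nothing more" part of the sharing model.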

Getting started

To learn more about how to share resources within IBM Cloud with service-to-service authorizations and other techniques, check out the new IBM Cloud solution tutorial: Resource sharing across accounts.

After looking into typical use cases, it discusses resource sharing of security resources (see diagram above) and network resources. Then, the tutorial shows how to implement resource sharing and provides IBM Cloud CLI (Command Line Interface) and Terraform examples. Moreover, you will find an overview of IBM Cloud services that support service-to-service authorization or are typically used across accounts.

The tutorial has a related GitHub repository with Terraform code snippets you can use to easily get started. The following are a few resources to help you along the way:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.
