October 21, 2022 By Henrik Loeser 3 min read

IBM Cloud supports resource sharing between accounts. In this blog post, we discuss use cases and get you started with our new tutorial.

An innumerable number of services are offered on the Internet. If you’re like me, you probably own accounts at many service providers for email, messaging, storage, music, news, source code management and more. To use these services, you typically access them with a combination of user identity (ID) and password or by providing some form of API key or access token—maybe even with some added second-factor authentication.

Similar options exist for services in a cloud-native, microservices-based application. With all the services available in IBM Cloud, thanks to Identity and Access Management (IAM), additional options for app-to-service and service-to-service access exist. So-called service bindings allow the automatic creation and exchange of credentials. Service-to-service authorizations even grant a source service permissions on a target service. Such access is not limited to services in the same account. Authorizations can be given to source services in other IBM Cloud accounts—an enterprise is not required (see screenshot below).

In this blog post, I’ll discuss typical use cases for sharing resources (services) across accounts. Moreover, I’ll show you how to learn more and implement those scenarios on your own with the help of our new tutorial: Resource sharing across accounts.

Grant a service in another account authorization to access the target service.

Resource-sharing use cases

It is not unusual to find multiple applications access and use the same resource (or parts of it). One example is when applications and compute environments have to live on the same corporate network. Another scenario is that security logs are collected in central storage.

A microservices architecture requires us to configure services to access and use external resources. In turn, the shared resources must authorize access, and the network between them is configured to support such collaboration, but not more. Some typical use cases of resource sharing include the following:

  • Central management of security-related infrastructure: Monitor security from a dedicated account and aggregate security logs in a single place. Manage all encryption keys in central key management systems (KMS). (See the diagram below.)
  • Coordination of network addresses and subnets: Applications and compute environments need to fit into the same network and require the sharing of address ranges and domain names.
  • Central management of resources for disaster recovery, including backup services like IBM Cloud Backup: Applications and their services may be designed for high availability, but additional centrally organized resources might be available to fall back to in the worst case. This includes holding multiple resource copies available worldwide (e.g., stored in replicated IBM Cloud Object Storage buckets).
  • Control costs by sharing more expensive services where possible: Not every development project needs to have all services deployed as dedicated instances. Often, it is enough to share service instances—within accounts or across. Even for production environments, service instances might be shared depending on their cost/value factor and technical feasibility. This can be organized by restricting available services in an account, utilizing private catalogs and restricting the public catalog, then centrally providing instances of restricted services.
  • Central management of resources on a corporate level or for a business unit: This could be assets needed for branding or centrally managed templates, base images (e.g., virtual machines, containers) and more. Again, private catalogs and the Container Registry are typical services.
  • Make scarce resources available to more users: Sometimes, a resource type is only available in limited quantity. By sharing, more applications can benefit from it. This may require rate limiting.

Sharing security resources across accounts.

Getting started

To learn more about how to share resources within IBM Cloud with service-to-service authorizations and other techniques, check out the new IBM Cloud solution tutorial: Resource sharing across accounts.

After looking into typical use cases, it discusses resource sharing of security resources (see diagram above) and network resources. Then, the tutorial shows how to implement resource sharing and provides IBM Cloud CLI (Command Line Interface) and Terraform examples. Moreover, you will find an overview of IBM Cloud services that support service-to-service authorization or are typically used across accounts.

The tutorial has a related GitHub repository with Terraform code snippets you can use to easily get started. The following are a few resources to help you along the way:

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn

Was this article helpful?
YesNo

More from Cloud

Attention new clients: exciting financial incentives for VMware Cloud Foundation on IBM Cloud

4 min read - New client specials: Get up to 50% off when you commit to a 1- or 3-year term contract on new VCF-as-a-Service offerings, plus an additional value of up to USD 200K in credits through 30 June 2025 when you migrate your VMware workloads to IBM Cloud®.1 Low starting prices: On-demand VCF-as-a-Service deployments begin under USD 200 per month.2 The IBM Cloud benefit: See the potential for a 201%3 return on investment (ROI) over 3 years with reduced downtime, cost and…

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters