Cross-tenant Access
Allow multiple Tenants access to the same resources
These features are currently only available for AWS.
You can configure the DuploCloud Portal to support various types of Cross-tenant access. Cross-tenant access enables you to share access to resources and services between two DuploCloud Tenants.
Configure Cross-tenant access to:
Share specific services between Tenants in the DuploCloud Portal that are restricted by IAM policies.
Prerequisites
Before you can use Cross-tenant access, you must do the following:
Add a Security Group rule to allow port access between each of the Tenants requiring Cross-tenant access in the Security Group.
Include the full application Namespace when accessing the domain, in this format: https://NAMESPACE.duploservices-TENANT_NAME:PORT
For example, If Tenant dev01 is running an app named myapp on port 8080, then access the domain using the URL https://myapp.duploservices-dev01:8080.
Granting general non-IAM restricted access between Tenants
When you grant general non-IAM restricted access between Tenants, you allow one DuploCloud Tenant full access to another Tenant's workspace or Namespace. Restrictions are defined by your Security Groups in your underlying Cloud Platform. In the DuploCloud Portal, you configure general access between Tenants using a Tenant's Security tab.
To grant Cross-tenant access only to specific services that are restricted by IAM policies, see the next section.
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant whose resources you want to share from the Name column.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
From the Source Type list box, select Tenant.
From the Tenants list box, select another Tenant with whom you want to share resources.
From the Protocol list box, select the protocol that you want to use for sharing.
In the Port Range field, specify the range of ports to which you want to grant access.
Add a user-friendly Description of this sharing rule.
Click Add.
Granting Cross-tenant access to specific IAM-restricted services
To allow access, or create a share, between two Tenants for specific IAM-restricted services, perform this procedure using the Tenant Grants tab.
To establish general non-IAM restricted Cross-tenant access, see the previous section.
You can share access to the following Services between Tenants:
KMS Keys
Ensure that the two Tenants that are sharing resources reside within the same region in the AWS Portal.
In the DuploCloud portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant with access to the restricted resource that you want to share. In this example, we choose to share resources to which Tenant uat-01 has access.
Click the Grants tab. Select Allow Other Tenants to access TENANT_NAME, where TENANT_NAME is the Tenant you selected.
Click Add. The Grant Cross-Tenant Access pane displays.
From the Requesting Tenant list box, select the Tenant with whom you want to share access. In this example, the Requesting Tenant is demo01.
From the Access to Area list box, select the restricted policy-based resource that you want to share.
Click Create. Your Cross-tenant Access share is created.
Viewing Cross-tenant grants to restricted policy-based resources
In the DuploCloud portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant whose Cross-tenant grants you want to view. In this example, we select Tenant uat-01.
Click the Grants tab. Select Allow Other Tenants to access TENANT_NAME, where TENANT_NAME is the Tenant you selected.
The resources that TENANT_NAME (uat-01, in this example) has access to are displayed.
Last updated
