description
Allow multiple Tenants access to the same resources

Cross-tenant Access

{% hint style="info" %} These features are currently only available for AWS. {% endhint %}

You can configure the DuploCloud Portal to support various types of Cross-tenant access. Cross-tenant access enables you to share access to resources and services between two DuploCloud Tenants.

Configure Cross-tenant access to:

Prerequisites

Before you can use Cross-tenant access, you must do the following:

  • Add a Security Group rule that allows port access between each of the Tenants requiring Cross-tenant access.
  • Include the full application Namespace when accessing the domain in this format: https://NAMESPACE.duploservices-TENANT_NAME:PORT

For example, if Tenant dev01 is running an app named myapp on port 8080, then access the domain using the URL https://myapp.duploservices-dev01:8080.

Granting general non-IAM restricted access between Tenants

When you grant general non-IAM restricted access between Tenants, you allow one DuploCloud Tenant full access to another Tenant's workspace or Namespace. Your Security Groups define restrictions in your underlying Cloud Platform. In the DuploCloud Portal, you configure general access between Tenants using a Tenant's Security tab.

To grant Cross-tenant access only to specific services restricted by IAM policies, see the next section.

  1. In the DuploCloud Portal, navigate to Administrator -> Tenants.
  2. Select the Tenant whose resources you want to share from the Name column.
  3. Click the Security tab.
  4. Click Add. The Add Tenant Security pane displays.
  5. From the Source Type list box, select Tenant.
  6. From the Tenants list box, select another Tenant with whom you want to share resources.
  7. From the Protocol list box, select the protocol that you want to use for sharing.
  8. In the Port Range field, specify the range of ports to which you want to grant access.
  9. Add a user-friendly Description of this sharing rule.
  10. Click Add.

Add Tenant Security pane
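
Because a general rule exposes every port in its Port Range to the other Tenant, it helps to review rules for least privilege. The following is an added example, not DuploCloud code: the `TenantRule` record layout, the function names, the `admin` app, and the sample rules are assumptions constructed for illustration, while the URL format and the dev01/myapp values come from the Prerequisites section.

```python
from dataclasses import dataclass

@dataclass
class TenantRule:
    # Constructed record mirroring the Add Tenant Security pane fields.
    target: str        # Tenant whose resources are shared
    source: str        # Tenant selected in the Tenants list box
    protocol: str
    port_range: str    # "8080" or "8000-8100"
    description: str

def parse_ports(port_range):
    low, _, high = port_range.strip().partition("-")
    lo, hi = int(low), int(high or low)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {port_range!r}")
    return lo, hi

def service_url(namespace, tenant, port):
    return f"https://{namespace}.duploservices-{tenant}:{port}"

def review(rule, service_ports):
    """Findings for one rule; service_ports = ports the target's apps use."""
    lo, hi = parse_ports(rule.port_range)
    findings = []
    unused = (hi - lo + 1) - sum(lo <= p <= hi for p in set(service_ports))
    if unused:
        findings.append(f"{unused} port(s) in {lo}-{hi} serve no known app")
    if not rule.description.strip():
        findings.append("missing description")
    return findings

def permitted_urls(rules, source, target, apps):
    """URLs in target that the rules open to source; apps: namespace -> port."""
    urls = []
    for namespace, port in sorted(apps.items()):
        for r in rules:
            lo, hi = parse_ports(r.port_range)
            if (r.source, r.target) == (source, target) and lo <= port <= hi:
                urls.append(service_url(namespace, target, port))
                break
    return urls

# Constructed sample data; only dev01 and myapp:8080 appear on this page.
APPS = {"myapp": 8080, "admin": 9090}
RULES = [
    TenantRule("dev01", "demo01", "tcp", "8080", "demo01 to myapp"),
    TenantRule("dev01", "uat-01", "tcp", "0-65535", ""),
]
```

Calling `review(RULES[1], APPS.values())` reports the wide range and the empty description, and `permitted_urls(RULES, "uat-01", "dev01", APPS)` lists every app URL that rule opens to uat-01.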

Granting Cross-tenant access to specific IAM-restricted services

To allow access or create a share between two Tenants for specific IAM-restricted services, perform this procedure using the Tenant Grants tab.

To establish general non-IAM restricted Cross-tenant access, see the previous section.

You can share access to the following Services between Tenants:

{% hint style="warning" %} Ensure that the two Tenants sharing resources reside within the same region in the AWS Portal. {% endhint %}

  1. In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.

  2. From the Name column, select the Tenant with access to the restricted resource that you want to share. In this example, we choose to share resources to which Tenant uat-01 has access.

  3. Click the Grants tab. Select **Allow Other Tenants to access** TENANT_NAME, where TENANT_NAME is the Tenant you selected.

    Grants tab with Allow Other Tenants to access TENANT_NAME option

  4. Click Add. The Grant Cross-Tenant Access pane displays.

    Grant Cross-Tenant Access pane

  5. From the Requesting Tenant list box, select the Tenant with whom you want to share access. In this example, the Requesting Tenant is demo01.

  6. From the Access to Area list box, select the restricted policy-based resource you want to share.

  7. Click Create. Your Cross-tenant Access share is created.

Viewing Cross-tenant grants to restricted policy-based resources

  1. In the DuploCloud Portal, navigate to Administrator -> Tenants. The Tenants page displays.
  2. From the Name column, select the Tenant whose Cross-tenant grants you want to view. In this example, we select Tenant uat-01.
  3. Click the Grants tab. Select **Allow Other Tenants to access** TENANT_NAME, where TENANT_NAME is the Tenant you selected.
  4. The resources that TENANT_NAME (uat-01, in this example) can access are displayed.

Grant tab on the Tenant page