This repository includes code samples and additional material related to the IBM Cloud solution tutorial on resource sharing across accounts.
The diagram shows the following scenarios:
- Instances of Object Storage and Databases for MongoDB in Account A and Account B utilize encryption keys managed in the Main Account in Key Protect.
- Security and Compliance Center in the Main Account governs resources in all three accounts (see black lines above).
- Instances of Activity Tracker in Account A and Account B direct security logs with Activity Tracker Event Routing to Object Storage buckets in the Main Account (see blue lines above).
This kind of sharing can be done independently of having an IBM Cloud Enterprise account or not.
- Multi-account access: Configure multi-account access using aliases
- Service to service authorization across accounts: Service to service authorization for Cloud Object Storage to Key Protect
- Activity Tracker event routing: Route Activity Tracker events from local to central corporate AT instance
- Security and Compliance Center: Configure Security and Compliance Center to scan other IBM Cloud accounts