Auto-sync: 2026-04-28 20:03
This commit is contained in:
52
wiki/concepts/AMI-Sharing.md
Normal file
52
wiki/concepts/AMI-Sharing.md
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
title: "AMI Sharing"
|
||||
type: concept
|
||||
tags:
|
||||
- AWS
|
||||
- AMI
|
||||
- Multi-Account
|
||||
sources: []
|
||||
last_updated: 2026-05-07
|
||||
---
|
||||
|
||||
## AMI Sharing
|
||||
|
||||
AWS 镜像跨账号共享机制,通过授权其他 AWS 账户访问中央镜像,而非物理复制(AMI Copying),避免跨账号复制带来的额外存储成本。
|
||||
|
||||
## Definition
|
||||
|
||||
AMI Sharing 是 AWS 账户管理策略,允许 AMI 所有者:
|
||||
- 将 AMI 共享给特定 AWS 账户
|
||||
- 将 AMI 共享给 AWS Organization 内所有成员账户
|
||||
- 通过 RAM(Resource Access Manager)前缀列表跨账户共享规则
|
||||
|
||||
## Benefits vs AMI Copying
|
||||
|
||||
| 维度 | AMI Sharing | AMI Copying |
|
||||
|------|-------------|-------------|
|
||||
| 存储成本 | 零增量 | 每区域完整副本 |
|
||||
| 一致性 | 单一源,完全一致 | 复制后可能不一致 |
|
||||
| 维护 | 单一更新点 | 每副本需独立更新 |
|
||||
| 权限 | 通过 IAM/KMS 控制 | 独立权限管理 |
|
||||
|
||||
## In Micro Focus CTP
|
||||
|
||||
在 Micro Focus 多账户 AWS 环境中:
|
||||
- Foundation AMI 存储在 CCOE 管理账户
|
||||
- 通过 AMI Sharing 分发给所有产品账户
|
||||
- 同步分发至全球多区域(俄勒冈/法兰克福/悉尼)
|
||||
- EBS 卷和 KMS 密钥同步共享
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- AMI 所有者账户与目标账户在同一 AWS Organization,或
|
||||
- 显式授权跨账户共享
|
||||
- KMS 加密 AMI 需额外授权 KMS 密钥使用
|
||||
|
||||
## Sources
|
||||
- [[ctp-topic-26-standard-ami-build-publish-share-processes]] — AMI Sharing 作为分发机制
|
||||
- [[ctp-topic-50-ami-roadmap-for-aws-amis]] — AMI 通过跨账号共享分发给组织内所有账户
|
||||
|
||||
## Related Concepts
|
||||
- [[Foundation-AMI]] — AMI Sharing 分发的主要对象
|
||||
- [[AWS]] Organizations — 跨账号共享的组织基础
|
||||
Reference in New Issue
Block a user