VPC Sharing
AWS allows VPC subnets to be shared from one account to another. This gives us a central place to manage networking and reduces the overall network footprint (e.g., fewer NAT Gateways means lower costs). The idea is discussed in full in the AWS blog post titled "VPC sharing: A new approach to multiple accounts and VPC management".
At Miles Systems we have two VPCs: one for Production and another for Development. These VPCs are deployed to the Shared Networking account (AWS Account ID 374319930067). From there, the VPCs are shared with the Prod and Non-Prod accounts using AWS Resource Access Manager. These resource shares are managed via AWS CloudFormation in the network-shares.yaml template file. This template is deployed to the Shared Networking account as a stack called network-resource-shares. The stack contains two resource shares: Prod VPC and Non-Prod VPC.
While it is possible to update the resource shares manually, it is strongly encouraged to make updates via CloudFormation to avoid configuration drift.
Please note that subnet tags are not shared along with the subnets themselves; tags are account specific. To make copying Name tags to new accounts easier, a script called copy-subnet-tags.py has been created. Please refer to that script's documentation for more details.
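To illustrate what such a copy has to do, here is an added example (not the repository's own copy-subnet-tags.py): it takes DescribeSubnets output from the owner account and from a participant account, and tags only the subnets that are actually shared and whose Name tag is missing or out of date. The boto3 profile names "shared-networking" and "prod" in the entry point are assumptions.

```python
"""Copy Name tags from shared subnets in the VPC owner account to a participant account.

Added example, not the project's own script. Tags live per account, so the
participant side sees the shared subnet IDs but none of the owner's tags.
"""
from typing import Dict, List, Tuple


def name_tags(subnets: List[dict]) -> Dict[str, str]:
    """Map SubnetId -> Name tag value from a DescribeSubnets 'Subnets' list."""
    out: Dict[str, str] = {}
    for subnet in subnets:
        for tag in subnet.get("Tags", []):
            if tag["Key"] == "Name":
                out[subnet["SubnetId"]] = tag["Value"]
    return out


def plan_tag_copies(owner_subnets: List[dict], participant_subnets: List[dict]) -> List[Tuple[str, str]]:
    """Return sorted (subnet_id, name) pairs that need a CreateTags call in the
    participant account: only subnets visible there (i.e. actually shared) and
    whose Name tag is absent or differs from the owner's value."""
    owner = name_tags(owner_subnets)
    participant = name_tags(participant_subnets)
    shared_ids = {s["SubnetId"] for s in participant_subnets}
    return sorted((sid, name) for sid, name in owner.items()
                  if sid in shared_ids and participant.get(sid) != name)


def apply_tag_copies(plan: List[Tuple[str, str]], participant_ec2) -> int:
    """Issue one CreateTags call per planned subnet using the participant's EC2 client."""
    for sid, name in plan:
        participant_ec2.create_tags(Resources=[sid], Tags=[{"Key": "Name", "Value": name}])
    return len(plan)


# Constructed sample DescribeSubnets responses (not from a real account).
OWNER_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "Tags": [{"Key": "Name", "Value": "prod-private-a"}]},
    {"SubnetId": "subnet-0bbb", "Tags": [{"Key": "Name", "Value": "prod-private-b"}]},
    {"SubnetId": "subnet-0ccc", "Tags": [{"Key": "Name", "Value": "dev-private-a"}]},
]
PARTICIPANT_SUBNETS = [
    {"SubnetId": "subnet-0aaa", "Tags": [{"Key": "Name", "Value": "prod-private-a"}]},  # already copied
    {"SubnetId": "subnet-0bbb", "Tags": []},  # shared, Name tag not yet copied
    # subnet-0ccc is not shared with this account and must never be tagged here
]

if __name__ == "__main__":
    import boto3  # only needed when talking to real accounts; profile names are assumptions
    owner_ec2 = boto3.Session(profile_name="shared-networking").client("ec2")
    prod_ec2 = boto3.Session(profile_name="prod").client("ec2")
    plan = plan_tag_copies(owner_ec2.describe_subnets()["Subnets"], prod_ec2.describe_subnets()["Subnets"])
    print(f"tagged {apply_tag_copies(plan, prod_ec2)} subnet(s)")
```

Running the plan step first and reviewing it makes the script safe to re-run: subnets that already carry the right Name tag produce no API calls.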