:doc:`GlobalAccelerator <../../globalaccelerator>` / Client / create_cross_account_attachment

*******************************
create_cross_account_attachment
*******************************



.. py:method:: GlobalAccelerator.Client.create_cross_account_attachment(**kwargs)

  

  Create a cross-account attachment in Global Accelerator. You create a cross-account attachment to specify the *principals* who have permission to work with *resources* in accelerators in their own account. You specify, in the same attachment, the resources that are shared.

   

  A principal can be an Amazon Web Services account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.

   

  Specify each principal and resource separately. To specify two CIDR address pools, list them individually under ``Resources``, and so on. For a command line operation, for example, you might use a statement like the following:

   

  ``"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]``

   

  For more information, see `Working with cross-account attachments and resources in Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html>`__ in the *Global Accelerator Developer Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/globalaccelerator-2018-08-08/CreateCrossAccountAttachment>`_  


  **Request Syntax**
  ::

    response = client.create_cross_account_attachment(
        Name='string',
        Principals=[
            'string',
        ],
        Resources=[
            {
                'EndpointId': 'string',
                'Cidr': 'string',
                'Region': 'string'
            },
        ],
        IdempotencyToken='string',
        Tags=[
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    )
    
  :type Name: string
  :param Name: **[REQUIRED]** 

    The name of the cross-account attachment.

    

  
  :type Principals: list
  :param Principals: 

    The principals to include in the cross-account attachment. A principal can be an Amazon Web Services account number or the Amazon Resource Name (ARN) for an accelerator.

    

  
    - *(string) --* 

    

  :type Resources: list
  :param Resources: 

    The Amazon Resource Names (ARNs) for the resources to include in the cross-account attachment. A resource can be any supported Amazon Web Services resource type for Global Accelerator or a CIDR range for a bring your own IP address (BYOIP) address pool.

    

  
    - *(dict) --* 

      A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

      

    
      - **EndpointId** *(string) --* 

        The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

         

        An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

        

      
      - **Cidr** *(string) --* 

        An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

         

        For more information, see `Bring your own IP addresses (BYOIP) <https://docs.aws.amazon.com/global-accelerator/latest/dg/using-byoip.html>`__ in the Global Accelerator Developer Guide.

        

      
      - **Region** *(string) --* 

        The Amazon Web Services Region where a shared endpoint resource is located.

        

      
    

  :type IdempotencyToken: string
  :param IdempotencyToken: **[REQUIRED]** 

    A unique, case-sensitive identifier that you provide to ensure the idempotency—that is, the uniqueness—of the request.

    This field is autopopulated if not provided.

  
  :type Tags: list
  :param Tags: 

    Add tags for a cross-account attachment.

     

    For more information, see `Tagging in Global Accelerator <https://docs.aws.amazon.com/global-accelerator/latest/dg/tagging-in-global-accelerator.html>`__ in the *Global Accelerator Developer Guide*.

    

  
    - *(dict) --* 

      A complex type that contains a ``Tag`` key and ``Tag`` value.

      

    
      - **Key** *(string) --* **[REQUIRED]** 

        A string that contains a ``Tag`` key.

        

      
      - **Value** *(string) --* **[REQUIRED]** 

        A string that contains a ``Tag`` value.

        

      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'CrossAccountAttachment': {
              'AttachmentArn': 'string',
              'Name': 'string',
              'Principals': [
                  'string',
              ],
              'Resources': [
                  {
                      'EndpointId': 'string',
                      'Cidr': 'string',
                      'Region': 'string'
                  },
              ],
              'LastModifiedTime': datetime(2015, 1, 1),
              'CreatedTime': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **CrossAccountAttachment** *(dict) --* 

        Information about the cross-account attachment.

        
        

        - **AttachmentArn** *(string) --* 

          The Amazon Resource Name (ARN) of the cross-account attachment.

          
        

        - **Name** *(string) --* 

          The name of the cross-account attachment.

          
        

        - **Principals** *(list) --* 

          The principals included in the cross-account attachment.

          
          

          - *(string) --* 
      
        

        - **Resources** *(list) --* 

          The resources included in the cross-account attachment.

          
          

          - *(dict) --* 

            A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

            
            

            - **EndpointId** *(string) --* 

              The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

               

              An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

              
            

            - **Cidr** *(string) --* 

              An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

               

              For more information, see `Bring your own IP addresses (BYOIP) <https://docs.aws.amazon.com/global-accelerator/latest/dg/using-byoip.html>`__ in the Global Accelerator Developer Guide.

              
            

            - **Region** *(string) --* 

              The Amazon Web Services Region where a shared endpoint resource is located.

              
        
      
        

        - **LastModifiedTime** *(datetime) --* 

          The date and time that the cross-account attachment was last modified.

          
        

        - **CreatedTime** *(datetime) --* 

          The date and time that the cross-account attachment was created.

          
    
  
  **Exceptions**
  
  *   :py:class:`GlobalAccelerator.Client.exceptions.InternalServiceErrorException`

  
  *   :py:class:`GlobalAccelerator.Client.exceptions.InvalidArgumentException`

  
  *   :py:class:`GlobalAccelerator.Client.exceptions.LimitExceededException`

  
  *   :py:class:`GlobalAccelerator.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`GlobalAccelerator.Client.exceptions.TransactionInProgressException`

  