To make billing easier I want to use a different AWS account for each cost center, but we want all the services to run inside the same VPC. This is both because different services may need to communicate with each other and because there is a limited number of hardware VPN connections available. So the question is: how can you make your VPC available to other AWS accounts that you own so they can launch instances inside it?
The infrastructure team has AWS Account A. The VPC is present in this account and is billed to the infrastructure team for the NAT instance and the VPN gateway. A project team has Account B. The instances need to be launched from, and billed to, this account.
I've been reading the resources here: http://docs.aws.amazon.com/IAM/latest/UserGuide/delegation-cross-acct-access.html . It seems as if I can use AssumeRole as Account B to grant access across accounts, but then, as far as I can tell, my identity changes to Account A (the owner field showed the number for Account A). Resource-based policies seem like what I'm thinking of, but they are not supported for VPCs.
I'm assuming there has to be some way to do this. Otherwise it doesn't make any sense to have an owner field with an AWS account number on EC2 instances and other resources.
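For reference, here is the cross-account AssumeRole setup the question is describing, as an added example that is not part of the original question. The account numbers, role name, ExternalId, region and subnet IDs are placeholders assumed for this example. The trust policy lives on a role in Account A and names Account B as the principal (with an ExternalId condition, which is the standard guard against the confused-deputy problem); the permission policy restricts RunInstances to the shared VPC's subnets. The small evaluator mirrors the two checks the trust policy encodes; it is not how STS evaluates policies, only an illustration. Note that credentials obtained this way belong to the role in Account A, so anything launched with them is owned by, and billed to, Account A, which is exactly the behaviour the question observed.

```python
import json

# Placeholder values, assumed for this example only.
ACCOUNT_A = "111111111111"   # infrastructure account that owns the VPC
ACCOUNT_B = "222222222222"   # project account whose principals assume the role
ROLE_NAME = "ProjectLaunchRole"
EXTERNAL_ID = "cost-center-42"
REGION = "us-east-1"
SUBNET_IDS = ["subnet-0aaa", "subnet-0bbb"]


def trust_policy(trusted_account, external_id):
    """Trust policy for the role in Account A: only principals from the
    trusted account may call sts:AssumeRole, and only when they present the
    agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def launch_permission_policy(owner_account, region, subnet_ids):
    """Permission policy for the role: RunInstances only into the shared VPC's
    subnets. Simplified on purpose: a complete RunInstances policy must also
    allow the instance, image, security-group, network-interface and volume
    resources, which are omitted here."""
    subnet_arns = [f"arn:aws:ec2:{region}:{owner_account}:subnet/{s}"
                   for s in subnet_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": subnet_arns,
        }],
    }


def assume_role_allowed(policy, caller_arn, external_id):
    """Toy check of the trust policy: does a caller with this ARN, presenting
    this ExternalId, satisfy an Allow statement for sts:AssumeRole?
    STS does the real evaluation; this only mirrors the two conditions above."""
    caller_account = caller_arn.split(":")[4]
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        trusted_account = stmt["Principal"]["AWS"].split(":")[4]
        if caller_account != trusted_account:
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if wanted is not None and wanted != external_id:
            continue
        return True
    return False


def role_arn(owner_account, role_name):
    """ARN of the role Account B's principals assume; its account (A) is the
    account that owns and pays for whatever the session creates."""
    return f"arn:aws:iam::{owner_account}:role/{role_name}"


if __name__ == "__main__":
    print(json.dumps(trust_policy(ACCOUNT_B, EXTERNAL_ID), indent=2))
    print(json.dumps(launch_permission_policy(ACCOUNT_A, REGION, SUBNET_IDS), indent=2))
    print("role to assume:", role_arn(ACCOUNT_A, ROLE_NAME))
    print("alice@B allowed:", assume_role_allowed(
        trust_policy(ACCOUNT_B, EXTERNAL_ID),
        f"arn:aws:iam::{ACCOUNT_B}:user/alice", EXTERNAL_ID))
```

Scoping the permission policy to the VPC's subnets keeps Account B's principals from launching anywhere else in Account A, but it does not change the ownership outcome: the instance still belongs to the role's account.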
If you enable programmatic access to your bills, you can select the tags you want included. This allows you to produce the report you're looking for.
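To show what "select the tags you want included" buys you in practice, here is an added example (not part of the answer above) that aggregates a detailed billing report by a cost-allocation tag. The report text is a constructed, heavily trimmed sample: the real report has many more columns, but the ones used here (`LinkedAccountId`, `RecordType`, `UnBlendedCost`, `ResourceId` and the `user:<TagKey>` column for an enabled tag) are the ones that matter for a per-cost-center breakdown. Two practical details are handled: the report's own `AccountTotal` summary rows are skipped so they are not double counted, and resources with no tag are reported under a separate bucket rather than silently vanishing from the report.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample; column subset and values are made up for this example.
SAMPLE_REPORT = """\
LinkedAccountId,RecordType,ProductName,ResourceId,UnBlendedCost,user:CostCenter
111111111111,LineItem,Amazon Elastic Compute Cloud,i-0aaa,1.2500,infra
111111111111,LineItem,Amazon Virtual Private Cloud,vpn-0bbb,0.0500,infra
111111111111,LineItem,Amazon Elastic Compute Cloud,i-0ccc,3.0000,projectX
111111111111,LineItem,Amazon Elastic Compute Cloud,i-0ddd,0.7500,
222222222222,LineItem,Amazon Elastic Compute Cloud,i-0eee,2.0000,projectY
111111111111,AccountTotal,,,5.0500,
222222222222,AccountTotal,,,2.0000,
"""

UNTAGGED = "(untagged)"


def cost_by_tag(report_text, tag_key="CostCenter"):
    """Sum UnBlendedCost per (LinkedAccountId, tag value).

    Only RecordType == "LineItem" rows are summed; the report's AccountTotal
    and StatementTotal rows would double count if included. Rows with no tag
    value are bucketed under UNTAGGED so they show up for follow-up.
    Decimal is used so the money amounts add exactly.
    """
    column = f"user:{tag_key}"
    totals = defaultdict(Decimal)
    for row in csv.DictReader(io.StringIO(report_text)):
        if row["RecordType"] != "LineItem":
            continue
        tag = row.get(column) or UNTAGGED
        totals[(row["LinkedAccountId"], tag)] += Decimal(row["UnBlendedCost"])
    return dict(totals)


def untagged_resources(report_text, tag_key="CostCenter"):
    """Resource IDs of line items that carry no value for the tag; these are
    the resources whose owners need chasing before the report is trusted."""
    column = f"user:{tag_key}"
    return [
        row["ResourceId"]
        for row in csv.DictReader(io.StringIO(report_text))
        if row["RecordType"] == "LineItem" and not row.get(column)
    ]


if __name__ == "__main__":
    for (account, tag), cost in sorted(cost_by_tag(SAMPLE_REPORT).items()):
        print(f"{account}  {tag:<12} {cost}")
    print("untagged:", untagged_resources(SAMPLE_REPORT))
```

The same grouping works for any tag key enabled for cost allocation; pass a different `tag_key` to switch the column. Tag-based reporting only helps if the tag is actually applied at launch, which is why the untagged list is worth producing alongside the totals.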
As of June 2013 Amazon has confirmed that it is not possible to share a VPC with another account: https://forums.aws.amazon.com/thread.jspa?messageID=462834&tstart=0#