AWS Account

Learn about requirements for the AWS account you plan to use with Oracle Database@AWS.

The following AWS account types are relevant to Oracle Database@AWS: buyer account, owner account, trusted account, grantor account, and grantee account.

Note that these account types aren't mutually exclusive. For example, the buyer account for an Oracle Database@AWS deployment might also be the owner account for the Oracle Database@AWS resources provisioned within the buyer account.

Buyer account: This is the AWS account that requests and accepts a private offer for Oracle Database@AWS. This account must be a member account in your AWS organization. The buyer account is responsible for Oracle Database@AWS service onboarding, linking the AWS account to an OCI tenancy, resource provisioning, and sharing resources with trusted accounts.

Note

  • The buyer account must not be the AWS payer (management) account.
  • When requesting a private offer, provide Oracle with the ID of the specific AWS buyer account where you plan to provision database resources.
  • The buyer account must be subscribed to the AWS region where Oracle Database@AWS onboarding occurs. See Regional Availability for supported regions. Similarly, the OCI tenancy must be subscribed to the OCI region paired with the AWS region where onboarding occurs.
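The buyer-account requirements above can be checked before you request the private offer. The following Python sketch is an added example, not Oracle or AWS code: it evaluates the parsed JSON printed by `aws sts get-caller-identity`, `aws organizations describe-organization`, and `aws account list-regions`. The function name, failure codes, account IDs, and Region names are constructed for illustration and say nothing about where Oracle Database@AWS is available.

```python
# Added example: pre-flight check for a prospective buyer account.
# Inputs are the parsed JSON output of three AWS CLI calls, so the
# logic can be reviewed and tested offline.

ENABLED_STATES = {"ENABLED", "ENABLED_BY_DEFAULT"}


def buyer_preflight(identity, organization, regions, onboarding_region):
    """Return a list of failed-check codes; an empty list means all pass.

    identity     -- output of `aws sts get-caller-identity`
    organization -- output of `aws organizations describe-organization`,
                    or None when that call fails because the account
                    does not belong to an organization
    regions      -- output of `aws account list-regions` (pages merged)
    """
    failures = []
    account_id = identity["Account"]

    org = (organization or {}).get("Organization")
    if org is None:
        # The buyer account must be a member account in an organization.
        failures.append("NOT_IN_ORGANIZATION")
    elif org["MasterAccountId"] == account_id:
        # The buyer account must not be the payer (management) account.
        failures.append("IS_MANAGEMENT_ACCOUNT")

    # The buyer account must be subscribed to the onboarding Region.
    opt_status = {r["RegionName"]: r["RegionOptStatus"]
                  for r in regions.get("Regions", [])}
    if opt_status.get(onboarding_region) not in ENABLED_STATES:
        failures.append("REGION_NOT_ENABLED")
    return failures


# Constructed sample data (hypothetical IDs, trimmed to the fields used).
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid",
                               "MasterAccountId": "111111111111"}}
SAMPLE_REGIONS = {"Regions": [
    {"RegionName": "us-east-1", "RegionOptStatus": "ENABLED_BY_DEFAULT"},
    {"RegionName": "ap-southeast-4", "RegionOptStatus": "DISABLED"},
]}
MEMBER = {"Account": "222222222222"}
PAYER = {"Account": "111111111111"}

if __name__ == "__main__":
    print(buyer_preflight(MEMBER, SAMPLE_ORG, SAMPLE_REGIONS, "us-east-1"))
    print(buyer_preflight(PAYER, SAMPLE_ORG, SAMPLE_REGIONS, "ap-southeast-4"))
```
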

Owner account: An AWS account that creates a specific resource is considered the owner account for that resource. For example, the account that creates an Exadata infrastructure resource is the owner account for that resource. Typically, when initially deploying Oracle Database@AWS, the buyer account deploys the first Exadata infrastructure resource and is thus also the owner account for the resource. If a second account is used to create an Exadata VM cluster with the infrastructure resource, the second account is the owner account for the VM cluster. The owner account for the infrastructure resource must explicitly grant the second account access to that resource so that the second account can use it to provision the VM cluster.

Trusted account: An account that is granted access by an owner account to a specific resource is called a trusted account. Oracle Database@AWS allows owner accounts to share resources like Exadata Infrastructures and ODB Networks with other AWS accounts that are members of the same AWS organization. To learn more about Oracle Database@AWS resource sharing, see Resource sharing in Oracle Database@AWS in the AWS documentation.

Grantor account: This is the AWS account that owns an Oracle Database@AWS subscription and shares it with the grantee account through AWS License Manager. The grantor account is typically the account that accepted the Oracle Database@AWS private offer through AWS Marketplace. By creating a grant in AWS License Manager, the grantor account enables one or more AWS accounts within the same AWS organization to share the Oracle subscription. The grantor account manages the lifecycle of the grant (create, activate, revoke) and retains visibility into billing events, but doesn't have access to or visibility into the resources provisioned by the grantee accounts.

Grantee account: This is the AWS account that receives an Oracle subscription grant from the grantor account through AWS License Manager. After the grant is accepted and activated, the grantee account can independently provision, manage, update, and delete Oracle Database@AWS resources using the shared subscription. The grantee account maintains full control over the resource lifecycle for the resources it creates. A grantee account can accept a subscription grant from only one grantor account at a time. To learn more about Oracle Database@AWS subscription sharing, see Subscription Sharing (Optional).