I have an AWS account that services multiple organizations. We use tenants to isolate workloads and resources to a specific organization. I need to be able to have multiple tenants use the same AWS credentials to access the same AWS account.
I expect that I can share/unshare specific networks, since VPCs and subnets are dedicated to specific organizations.
I expect that when I create AWS resources via Platform9 that those resources will only be accessible in the specific Region/DU and tenant that the resource was created from.
Example: An instance and volume created from region: spglobal-dev-aws-us-east and tenant: DI-Dev will only be accessible in that region and tenant, and they will not be discovered by other regions/tenants linked to the same AWS account.
I expect that when an AWS EC2 instance is created via AWS that it will be discovered based on an AWS tag.