Use AWS Resource Access Manager to share AWS resources between AWS accounts.

To share a resource:

1. Create a resource share:link:
2. Associate the resource:large_blue_circle: with the resource share:link:, and
3. Specify the principal(s):guardsman: that can access the resource:large_blue_circle:.

Resource Share :link:

Terraform ♉️

• aws_ram_resource_share

Resource 🔵

Terraform ♉️

• aws_ram_resource_association

Principal 💂

The following principals are supported:

• The ID of an AWS account
• The Amazon Resource Name (ARN) of an OU from AWS Organizations
• The Amazon Resource Name (ARN) of an organization from AWS Organizations

Terraform ♉️

• aws_ram_principal_association

Resource Share Invitation

If you specify an AWS account that doesn't exist in the same organization as the account that owns the resource share:

1. The owner of the specified account receives an invitation to accept the resource share.
2. After the owner accepts the invitation, they can access the resources in the resource share. An administrator of the specified account can use IAM policies to restrict access resources in the resource share.

AWS SDK Go

• AcceptResourceShareInvitation
• AcceptResourceShareInvitationRequest
• AcceptResourceShareInvitationWithContext
• GetResourceShareInvitations
• GetResourceShareInvitationsPagesWithContext
• GetResourceShareInvitationsRequest
• GetResourceShareInvitationsWithContext
• RejectResourceShareInvitation
• RejectResourceShareInvitationRequest
• RejectResourceShareInvitationWithContext