Q: What is AWS Resource Access Manager?
A: AWS Resource Access Manager (RAM) provides you the ability to securely share your resources across AWS accounts or within your Organization. You can now centrally procure resources and use RAM to share resources with other accounts, eliminating the need to provision and manage resources in every account. When you share a resource with another account, that account is granted access to the resource and any policies and permissions in that account will apply to the shared resource.
Q: What types of AWS resources can I share using RAM?
At this time, you can share Amazon Route 53 Resolver Rules, AWS Transit Gateways, Subnets, and AWS License Manager Configurations. We will be continuously adding support to share more types of resources using RAM.
Q: How can I get started with RAM?
A: You can get started with RAM by creating a Resource Share using the API/CLI or the AWS Management Console. You can easily share resources by adding resources and accounts to a Resource Share. A Resource Share grants accounts access to resources.
Q: Who can I share resources with?
A: You can share resources with any AWS account, and if you are part of AWS Organizations, then you can also share resources with Organizational Units (OUs) or your entire Organization. If you share resources with accounts that are outside of your Organization, then those accounts will receive an invitation to the Resource Share and can start using the shared resources upon accepting the invitation.
Q: How can I view resources that have been shared with my account?
A: You can view resources that have been shared with your account in the RAM console or by using the RAM APIs. The resources that have been shared with your account will also appear in the respective resource console pages and the respective List/Describe APIs for those resource types. For example, when an AWS Deliverator Rule is shared with an account then that rule will appear on the Deliverator page of the Amazon Route53 console along with the other rules owned by that account and the shared rule will also be returned in the response of the ListDelivertorRules API.
Q: Will I incur any charges for sharing my resources with other accounts?
No. You can share resources at no additional cost.
Q: Can I tag a Resource Share?
Yes, you can tag a Resource Share at the time of creation or any time after creation.
Q: How can I control access to resources shared with me?
You can specify IAM policies to control access to resources shared with you.
Q: Can I stop sharing a resource?
Yes, you can stop sharing a resource by removing it from the Resource Share or by deleting the Resource Share.
Q: How can I know about changes to Resource Shares?
All calls to RAM APIs are logged in AWS CloudTrail. In addition, CloudWatch Events are triggered whenever there are changes to Resource Shares. Please click here to learn more about AWS CloudTrail and here to learn about AWS CloudWatch.