AWS Resource Access Manager

User Guide

Copyright © 2024 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What is AWS RAM?
  Video overviews
  Benefits of AWS RAM
  What about cross-account access with resource-based policies?
  How resource sharing works
  Sharing your resources
  Using shared resources
  Accessing AWS RAM
  Pricing for AWS RAM
  Compliance and international standards
  PCI DSS
  FedRAMP
  SOC and ISO

Getting started
  Terms and concepts
  Resource share
  Sharing account
  Consuming principals
  Resource-based policy
  Managed permissions
  Managed permission version
  Sharing your resources
  Enable resource sharing within AWS Organizations
  Create a resource share
  Using shared resources
  Respond to the resource share invitation
  Use the resources that are shared with you

Working with shared resources
  Regional and global resources
  What are the differences between Regional and global resources?
  Resource shares and their Regions
  Resources owned by you
  Viewing resource shares you created
  Creating a resource share

  Updating a resource share
  Viewing your shared resources
  Viewing principals you share with
  Deleting a resource share
  Resources shared with you
  Accepting and rejecting invitations
  Viewing resource shares shared with you
  Viewing resources shared with you
  View principals sharing with you
  Leaving a resource share
  Availability Zone IDs
Shareable resources
  AWS App Mesh
  AWS AppSync GraphQL API
  Amazon Aurora
  AWS Private Certificate Authority
  Amazon DataZone
  AWS CodeBuild
  Amazon EC2
  EC2 Image Builder
  Amazon FSx for OpenZFS
  AWS Glue
  AWS License Manager
  AWS Marketplace
  AWS Migration Hub Refactor Spaces
  AWS Network Firewall
  AWS Outposts
  Amazon S3 on Outposts
  AWS Resource Explorer
  AWS Resource Groups
  Amazon Route 53
  Amazon Route 53 Application Recovery Controller
  Amazon Simple Storage Service
  Amazon SageMaker
  AWS Service Catalog AppRegistry
  AWS Systems Manager Incident Manager

  Amazon VPC
  Amazon VPC Lattice
  AWS Cloud WAN
Managing permissions in AWS RAM
  Viewing managed permissions
  Creating and using customer managed permissions
  Create a customer managed permission
  Create a new version of a customer managed permission
  Choose a different version to be the default for a customer managed permission
  Delete a customer managed permission version
  Delete a customer managed permission
  Updating managed permission versions
  Customer managed permission considerations
  How managed permissions work
  Types of managed permissions
Security
  Data protection
  Identity and access management
  How AWS RAM works with IAM
  AWS managed policies
  Using Service-Linked Roles
  Example IAM policies
  Example SCPs
  Disable sharing with Organizations
  Logging and monitoring
  Monitoring using CloudWatch Events
  Logging AWS RAM API calls with AWS CloudTrail
  Resilience
  Infrastructure security
Troubleshooting
  Error: Account ID doesn't exist
  Scenario
  Cause
  Solution
  Error: Access Denied Exception
  Scenario
