
7. AWS RAM (Resource Access Manager)


Notes


Used to share resources across AWS accounts.

  • The service or resource type must support AWS RAM.
  • Shared with a principal (an AWS account, an OU, or the whole Organization).
  • No cost for RAM itself; you only pay for the shared resources.

Note: Availability Zone names may not refer to the same physical zone across accounts, but AZ IDs are consistent across accounts.


  • The owner account creates the share.
  • The owner account retains full ownership of the shared resource.
  • The owner defines the principal(s) the resource is shared with.
  • Resources provisioned into a shared resource (e.g. an instance in a shared subnet) are still owned by the account that created them.

One of the main use cases is a shared services VPC: one account owns the VPC and shares its subnets with the other accounts in the organization.


Demo: Shared Services VPC


Building this:

  1. Run the 1-click deployment into the Management account.
  2. Invite the other account(s) into the organization.
  3. Accept the invitation from the other account.
  4. Create a resource share and add all the subnets to it.
  5. Select the principals and share.
  6. Switch into the production account; you should see the shared VPC (you may need to accept the share before it appears).
  7. Switch into the dev account and do the same.
  8. Notice that the subnet names are also visible across accounts.
  9. Launch an EC2 instance into a shared subnet.
  10. Switch between the accounts to check whether you can see the EC2 instances, and whether you can change the VPC from an account that isn't the Management account.
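The share built in steps 4 to 6, expressed as Terraform so the owner and participant sides are visible together. This is an added example, not part of the course material; the region, account IDs, subnet IDs and provider aliases are placeholders, and the dev account is omitted for brevity (it would get the same principal association and accepter as production).

```hcl
# Added example (not from the course notes). All account IDs, subnet IDs
# and the region are placeholders; replace them with your own values.

# Owner side: the Management account that owns the shared services VPC.
provider "aws" {
  alias  = "management"
  region = "us-east-1"
}

# Participant side: the production account that consumes the share.
provider "aws" {
  alias  = "production"
  region = "us-east-1"
}

# Placeholder IDs. RAM shares individual subnets, not the VPC itself,
# which is why the demo shares "all the subnets" (step 4).
variable "owner_account_id" {
  type    = string
  default = "111111111111"
}

variable "production_account_id" {
  type    = string
  default = "222222222222"
}

variable "shared_subnet_ids" {
  type    = list(string)
  default = ["subnet-0000000000000001", "subnet-0000000000000002"]
}

# The resource share (step 4). allow_external_principals = false is the
# setting to keep: it refuses principals outside the owner's organization,
# so a typo in an account ID cannot share the subnets with a stranger.
resource "aws_ram_resource_share" "shared_services" {
  provider                  = aws.management
  name                      = "shared-services-vpc-subnets"
  allow_external_principals = false

  tags = {
    Purpose = "shared-services-vpc"
  }
}

# Attach every subnet to the share (step 4, "share all the subnets").
resource "aws_ram_resource_association" "subnets" {
  provider           = aws.management
  for_each           = toset(var.shared_subnet_ids)
  resource_arn       = "arn:aws:ec2:us-east-1:${var.owner_account_id}:subnet/${each.value}"
  resource_share_arn = aws_ram_resource_share.shared_services.arn
}

# Select the principal (step 5). Sharing with an account ID sends an
# invitation unless sharing with AWS Organizations is enabled, in which
# case accounts in the organization see the share without accepting.
resource "aws_ram_principal_association" "production" {
  provider           = aws.management
  principal          = var.production_account_id
  resource_share_arn = aws_ram_resource_share.shared_services.arn
}

# Participant side (step 6, "you may need to accept before this appears").
# Accepts the pending invitation in the production account; this is what
# makes the shared subnets show up in that account's VPC console.
resource "aws_ram_resource_share_accepter" "production" {
  provider  = aws.production
  share_arn = aws_ram_principal_association.production.resource_share_arn
}
```

After `terraform apply`, the production account can launch instances into the shared subnets (step 9) and those instances are owned by the production account, while route tables, NACLs and the VPC itself remain editable only from the Management account, which is exactly what step 10 asks you to confirm. If the accepter fails with no pending invitation, sharing with AWS Organizations is enabled and the share is already visible; the accepter resource can then be dropped.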